tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: RES: Resource Security
Date Mon, 20 Aug 2007 23:25:23 GMT
Milanez, Marcus wrote:
Should I always assume that the resources that my application access
(like a database for example) doesn't need additional security,
because it is hosted in a server, and if this so called server was
attacked them worse things could actually happen?
Generally I would expect worse things to happen if the database server
was compromised compared to just a single account. Of course, it
depends which account.

In this case, should I assume as a developer (not as a system admin),
that my network is safe, that my web server is safe?
You can't look at the individual components. You have to look at the
system as a whole. Security is always a trade-off. The right
trade-offs will vary from system to system.

In terms of security, is it right to delegate a web system
administrator the right to know my application's database user and
password?
Again, it is a trade-off. What are the risks of them knowing the
password vs. them not knowing? Is it practical to keep it from them?
My own $0.02 would be that you can keep the DBA password from them but
the password the system uses would be very hard to keep from them. If
you really don't trust them with it then you are either very paranoid
or you should be thinking about terminating their employment.

I know that security recommendations in database side tells us that an
application users should only have access to what they need, in terms
of commands, tables and so on, but again, should I always assume that
as a developer?
It will vary from organisation to organisation but I would expect the
system developers to provide a set of scripts to create the necessary
database objects and the DBA to review them to ensure they are
appropriate, including minimal permissions.

> In my point of view, I think my application server should take care of all these issues
for me...
The app server can't do you security assessment for you. If you find
one that can, let me know ;)

In fact my only suggestion is: My app. Server should ask for a 'key'
(besides the manager password) whenever I install a new application.
This key could be used to encrypt all my application files, preventing
anyone to open them. I know there are issues like 'Where should this
key be stored?', 'Who should type this key ?' and I know that, but I
can't find a good answer... I'm just exposing some ideas.
There is no easy solution to this (that I can think of)


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message