RE: [fw-wiz] Sources for Extranet Designs?
From: Paul Robertson (proberts_at_patriot.net)
Date: 02/23/04
- Previous message: Wes Noonan: "RE: [fw-wiz] Sources for Extranet Designs?"
- In reply to: Daniel Linder: "RE: [fw-wiz] Sources for Extranet Designs?"
- Next in thread: Marcus J. Ranum: "RE: [fw-wiz] Sources for Extranet Designs?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Daniel Linder <dan@linder.org> Date: Mon, 23 Feb 2004 16:45:07 -0500 (EST)
On Mon, 23 Feb 2004, Daniel Linder wrote:
> Is there such thing as a SQL front end proxy? I would think with more
> security devices employing "layer 8" (yeech, marketing speak) filtering a
> SQL security proxy that could be programmed with limits such as
> databases/tables/columns, number of rows returned, etc this might be a
> good first line of defense...
There are better ways to handle this, in the application.
Stored Procedures.
Applications shouldn't be able to gather arbitrary data, it's always a bad
idea.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Wes Noonan: "RE: [fw-wiz] Sources for Extranet Designs?"
- In reply to: Daniel Linder: "RE: [fw-wiz] Sources for Extranet Designs?"
- Next in thread: Marcus J. Ranum: "RE: [fw-wiz] Sources for Extranet Designs?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
