Re: What if we don't trust web Server
From: Jonathan (jm4498_at_msn.com)
Date: 06/11/03
- Next message: Jason: "Re: "Email Beta Testing Scam .???"
- Previous message: YK: "Re: children & cable modem"
- In reply to: Guogang: "Re: What if we don't trust web Server"
- Next in thread: Roger Abell: "Re: What if we don't trust web Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 10 Jun 2003 20:58:17 -0400
It isn't very easy to change websites on remote computers. If you are
really worried, perhaps you should read a bit more and/or not host a website
with important information
-- --Jonathan http://www.imbored.biz - A Windows Server 2003 visual, step-by-step tutorial site :-) Replies by Email will not be read and will be deleted on the spot. Unless I ask you to Email me, please do not. Reply by newsgroup only, please. "Guogang" <nospam@no_such_domain.com> wrote in message news:e$ZLQz6LDHA.2460@TK2MSFTNGP10.phx.gbl... > Thanks for the reply. > > We are planning to use Windows Server 2003, and IIS 6.0. > > > "Jonathan" <jm4498@msn.com> wrote in message > news:u492wd6LDHA.1552@TK2MSFTNGP10.phx.gbl... > > What OS and web server program are you running. It's a bit harder to > change > > remote websites then you think > > > > -- > > --Jonathan > > http://www.imbored.biz - A Windows Server 2003 visual, step-by-step > > tutorial site :-) > > Replies by Email will not be read and will be deleted on the spot. Unless > I > > ask you to Email me, please do not. Reply by newsgroup only, please. > > > > > > "Guogang" <nospam@no_such_domain.com> wrote in message > > news:uRrQYY6LDHA.2220@TK2MSFTNGP10.phx.gbl... > > > I am not sure, how badly web server can be attacked. > > > > > > I think it is not too hard to find the web page at web server, and alter > > it. > > > > > > It is quite possible that they can change the login page to keep the > > > original functionalities, but forward a copy of user name and login to > > > another place without being noticed. > > > > > > Is there some thought to avoid this kind of attack? > > > > > > > > > > > > > > > "Jonathan" <jm4498@msn.com> wrote in message > > > news:ud2yts5LDHA.1608@TK2MSFTNGP11.phx.gbl... > > > > What do you mean? Assuming your database is on a separate computer, > and > > > the > > > > web server access it by local means, and that the computer with the > > > database > > > > has no direct openings to the web (nothing in your router/firewall is > > > > forwarded to it) then you're fine (or should be) > > > > > > > > -- > > > > --Jonathan > > > > http://www.imbored.biz - A Windows Server 2003 visual, step-by-step > > > > tutorial site :-) > > > > Replies by Email will not be read and will be deleted on the spot. > > Unless > > > I > > > > ask you to Email me, please do not. Reply by newsgroup only, please. > > > > > > > > > > > > "Guogang" <nospam@no_such_domain.com> wrote in message > > > > news:O5Qg#L5LDHA.704@tk2msftngp13.phx.gbl... > > > > > Hi, > > > > > > > > > > In a classic setup: > > > > > > > > > > Client----Firewall-----Web Server----Firewall----Database > > > > > > > > > > What if we don't trust web server, due to the fact that it is highly > > > > > exposed? If web server is compromised, user name, password can be > > easily > > > > > intercepted. What is the best we can do to protect from such > attacks? > > > > > > > > > > Got some idea to minimize the information exposed to web server? > > > > > > > > > > Thanks, > > > > > Guogang > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: Jason: "Re: "Email Beta Testing Scam .???"
- Previous message: YK: "Re: children & cable modem"
- In reply to: Guogang: "Re: What if we don't trust web Server"
- Next in thread: Roger Abell: "Re: What if we don't trust web Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
