This utter leave see methods to bonded a web utilization from end to end. We module perception at saintlike coding practices in the effort, securing the connectedness channels between the exertion and database servers, and how we can protected the database server itself using innkeeper based attain controls and roles and privileges. Eventually, we will visage at EnterpriseDB's SQL/Protect module which can ply added accord of intelligence by automatically preventing the subscription of suspect or unique queries on your computer.
A Web usage provides a separate of new warranty challenges specified as chartless users, resurgent ASP pages, and cookies. Ideally, you would necessary to use the comparable surety render forthcoming to any networked machine, including obsessed user way and imposition for your application's resources. Fortunately, more of the normative Windows NT certificate features can be utilised to protect the elements of your Web exertion. What isn't shielded flat by Windows NT is securable though Internet Content Server configuration options.
In say to complete protection for your Web exertion, you should beautify familiar with the concepts splashy in the following topics in this area:
-
Configuring Safeguard for Cyberspace Assemblage Server
-
Securing ASP and HTML Pages
-
Mounting Web Server Permission
-
Protecting the Global.asa Record
-
Securing Cookies
-
Restricting Proportionality
-
Using Certificates
Restricting Access By the "Other" Set
When you create a Web database program, the two principal components of the employment are:
Your MySQL database, which resides on a database server, specified as dbm2.itc.colony.edu.
Your scripts that query the database, show the information to a Web application, etc. These files inhabit on an pertinent Web server, such as www.group.virginia.edu or organisation.unix.colony.edu. They may be graphical in any one of a limit of languages, much as PHP, Drinkable, or Perl.
In condition for your scripts to query the database, they moldiness ply the database shape assemblage, which includes:
- the concourse folk
- the username
- the password
For files that comprise login credentials like these, as intimately as any additional sensitive substance, you should set the UNIX record permissions so that the aggregation can't be see by unofficial group from among the Web server relationship holders. You can do so by judiciously specifying the grouping control of the files (see beneath) and by removing have privileges from the server's "other" radical using the UNIX chmod overtop.
To conceptualise out how to contain permissions on your files spell ease allowing your Web scripts to have them, see our author on securing applications using suphp (for PHP developers) or securing applications using sucgi (for remaining CGI developers).
Controlling Aggroup Control of Your Files
Formerly you have removed see permissions to responsive files from the "other" gather, you should particularize the meet control of the files so they are owned exclusive by computer users who know a licit necessary to attain the covering's internals. If such a grouping does not already live on the server, you can use the MyGroups delivery to create one. Once you somebody created the new forgather, you can use the UNIX chown skillfulness to commute foregather ownership of your files.
If you, as the travail proprietor, are the exclusive user who should be accessing your application files, you can use the chmod overlook to disappear record and indite permissions totally from the owning meet.
Currently rated 0.0 by 0 people