[PLUG-TALK] Server Security and Cracking

Rich Shepard rshepard at appl-ecosys.com
Tue Mar 5 16:28:20 UTC 2013


On Mon, 4 Mar 2013, Aaron Burt wrote:

> (I'm always amazed how many banks use ASP.)

   Me, too. Especially the ones that won't work with Linux-hosted Firefox or
other browsers because the back end locks out anything non-Microsoft.

> The web-apps are usually the easiest way to steal info, and it seems like
> nearly all of these break-ins are via web-app security holes.

   I did not realize this but it certainly makes sense.

> Web-apps are usually built with minimal effort using standard frameworks.
> Once the site is pretty, it's done as far as the client is concerned, so
> the coders are racing the designers to get the basic features done.
> Security is Somebody Else's Problem. :)

   This implies that a local site developer can have more control over
increasing security of the local site. This is very interesting as I'm
gradually learning Plone so I can re-create my company web site. I assumed
that the Plone development team took care of security but I will now look
explicitly for what I can screw down more tightly. Thanks for this wisdom.

> Security breaches have no significant cost right now. If they somehow get
> expensive, they may become less common.

   From the news items I've read the impression is that these breaches are
quite expensive both immediately and in the near future.

Thanks,

Rich



