Jump to content

SECURITY HOLE IN WC

timmy

By timmy
in Other Internet Technologies

 Share

This topic is 8306 days old. Please don't post here. Open a new topic instead.

Recommended Posts

timmy Collaborator

timmy

Posted
Posted

This is a follow up to the thread:

http://www.fmforums.com/threads/showflat.php?Cat=&Board=UBB21&Number=19032&page=&view=&sb=&o=&vc=1

I'm writing this question here because i think the other thread was way out of my league. I'm looking for a dumbed down version.

Basically this is my understanding of the situation. If someone has access to your database, they can very easily view all the data in all of the fields in all of the records.

My situation is as follows:

I have many databases running which are accessed by many people who log in with usernames and passwords. I trust these people, so i'm not too worried about them "hacking" into other areas of the website. Also, i have a database running that anyone in the world can hit without a login or password. This database contains no sensitive data, so I dont care what people look at.

I believe that the problems with web security discussed in the other thread do not matter to me under these circumstances. People with passwords can be trusted not to "hack" the sensitive databases. No one without a password has access to the sensitive databases. Everyone has access to the public database, and I dont mind if people hack it, because the data is all there anyway.

Am i correct in thinking this?

thanks,

Tim.

Anatoli Grand Master

Anatoli

Posted
Posted

RE: No one without a password has access to the sensitive databases.

Probably everyone has access to those databases. Give us URL and we will try.

I do believe people here will not try to destroy something or gain advantage. Definitely not me.

If you use Exact search and good password logic, it will be more secure, but hard to work with that db.

We developed Security Filter for our Windows server and we are probably 99% protected, maybe even 100%.

Garry Claridge Grand Master

Garry Claridge

Posted
Posted

Yes, Timmy you are very close to correct.

Are you using the 'Web Security' database? This is quite good, however not the best tool to work with. It also does not do record security; even though a paper about this exists on the FM web-site.

The tool Anatoli has should also be very good. It will protect against any weak points of the 'Web Security' database.

Good Luck

Garry

This topic is 8306 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept