Forums

This topic is locked

How Secure is Ultradev?

Posted 16 Jul 2002 15:37:06
1
has voted
16 Jul 2002 15:37:06 No more Newsletters posted:
How secure are Ultradev's default behaviors? I recently read an article on SQL injection and I'm curious if there are security holes are in the default scripts.

What precautions can we take to make sure that our data-driven sites are secure?

Thanks

Edited by - ericwelsh on 16 Jul 2002 22:13:45

Replies

Replied 17 Jul 2002 08:03:09
17 Jul 2002 08:03:09 aegis kleais replied:
The only issue I heard with UltraDEV security was that you could, indeed, break a userlogin behavior, insert some SQL and obtain personal information, but I BELIEVE 4.01 fixed that problem.

Other then that there are basic steps to Site/DB Security

A. Keep all passwords secure.
B. Make sure all includes have .asp extensions
C. Place a username and password on the DSN
D. Place a username and password on the DB
E. Place the db in a directory that doesn't sound like a place you'd store a db, (ie, old_files) don't use (data or db)
F. Try to use SQL rather than access (DB resides on Server and not as a downloadable file)


Generally, Macromedia is a [radio edit]-ly awesome company and their scripts are likewise. THey are short, concise, optimized, and made to handle many browsers, servers, OSes and data objects. Oddly enough, WinNT based OSes are usually more secure than Unix based (but we all know how much more powerful Unix is over WinNT) &gt;<img src=../images/dmxzone/forum/icon_smile.gif border=0 align=middle>

Aegis Kleais
New Media Web Developer
(DWMX : IIS5.1 : SQL2K : WXP : ASP[VB/JS])

Reply to this topic