From: GeorgeOsvald <geo...@ya...> - 2006-09-17 01:00:43
On Sunday 17 September 2006 02:26, Toni Mueller wrote:
> Hello George,
>
> On Fri, 08.09.2006 at 15:57:21 +1000, GeorgeOsvald <geo...@ya...> wrote:
> > On Friday 08 September 2006 09:55, Josh Berkus wrote:
> > > Well, security is something you implement at every level, not just at
> > > the gateway. So: SSL: yes, Domain limits: Yes, server lockdown: yes,
> > > strong passwords: yes, secure session tracking: yes, database security:
> > > yes, database auditing: yes. What you *don't* do is implement
> > > security in one area (like SSL or VPN) and expect that you don't need
> > > to worry about security anywhere else. That's a fast way to get
> > > hacked.
> >
> > You can do a bit more than that depending on your level of paranoia. I am
> > extremely paranoid. When it comes to security, redundancy is a good thing.
>
> Nothing of all this helps you in case you *want* your server online,
> like when you're offering hosted SL. Fortunately, we don't so far, but
> with this experience in mind, I doubt we ever will.

I have had servers online for the last three years. No problems so far. It works very well for me. I asked a question some time ago during all the commotion if anyone ever had any security breaches. So far zippo.

> > Frankly, if I had an employee who would be able to hack SL he/she would
> > not be working as an accountant. You can still search the logs to find
> > out who was logged in and did what.
>
> This depends on the degree of access the bad guy had to your server(s).
> If the claim that finding out the users of SL with almost no prior
> knowledge is valid, you'll only find in your logs that you were the one
> committing some kind of crime because the impostor impersonated you.

This was again only theory because in my case only two people access the servers.
However, if anyone wanted to impersonate me then they would have to do it either from my computer/my account (not likely) or they would have to know where to go exactly, spoof the IP, get through the first firewall/NAT, get authorized by proxy, get authorized by xinetd/apache and only then get authorized by SL. There are various levels of logging along the way as well. It would be easier to simply steal the box.

> Best,
> --Toni++
>
> _______________________________________________
> sql-ledger-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sql-ledger-users
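The layered setup George describes (firewall/NAT, then proxy and Apache authorization, then the SL login, each leaving its own log) is only as useful as the cross-check you can run over those logs afterwards. The script below is an added example, not code from this thread or from SQL-Ledger: it takes one constructed log line per layer and flags any application login that lacks a matching firewall ACCEPT or an Apache-authenticated request from the same source within a short window. The firewall and application log formats are assumptions invented for the example (SQL-Ledger's own logging is not shown here); the Apache line is the standard combined format, where the third field is the HTTP-auth user.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs (not from the original post or SQL-Ledger).
# Layer 1: firewall/NAT accept log, assumed format.
FIREWALL_LOG = """\
2006-09-17T01:00:40 ACCEPT src=192.0.2.10 dst=10.0.0.5 dport=443
2006-09-17T01:05:12 ACCEPT src=192.0.2.11 dst=10.0.0.5 dport=443
"""

# Layer 2: Apache access log in combined format. The third field is the
# user Apache authenticated before the request ever reached the application.
APACHE_LOG = """\
192.0.2.10 - alice [17/Sep/2006:01:00:43 +1000] "POST /sql-ledger/login.pl HTTP/1.1" 200 812
192.0.2.11 - bob [17/Sep/2006:01:05:15 +1000] "POST /sql-ledger/login.pl HTTP/1.1" 200 812
198.51.100.7 - - [17/Sep/2006:01:09:02 +1000] "POST /sql-ledger/login.pl HTTP/1.1" 200 812
"""

# Layer 3: application login records, hypothetical format (constructed).
APP_LOG = """\
2006-09-17T01:00:44 login user=alice ip=192.0.2.10
2006-09-17T01:05:16 login user=bob ip=192.0.2.11
2006-09-17T01:09:03 login user=alice ip=198.51.100.7
"""

FW_RE = re.compile(r'^(?P<ts>\S+) ACCEPT src=(?P<ip>\S+)')
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\] ]+)[^\]]*\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
APP_RE = re.compile(r'^(?P<ts>\S+) login user=(?P<user>\S+) ip=(?P<ip>\S+)')


def parse_firewall(text):
    """Return (timestamp, source ip) for every ACCEPT line."""
    out = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            out.append((datetime.fromisoformat(m['ts']), m['ip']))
    return out


def parse_apache(text):
    """Return (timestamp, source ip, auth user) for successful login requests."""
    out = []
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if m and m['path'].endswith('/login.pl') and m['status'] == '200':
            # Time zone offset is dropped; all constructed logs share one zone.
            ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S')
            out.append((ts, m['ip'], m['user']))
    return out


def parse_app(text):
    """Return (timestamp, user, source ip) for every application login."""
    out = []
    for line in text.splitlines():
        m = APP_RE.match(line)
        if m:
            out.append((datetime.fromisoformat(m['ts']), m['user'], m['ip']))
    return out


def audit(fw_text, apache_text, app_text, window=timedelta(seconds=30)):
    """For each application login, list which upstream layers have no
    matching record. An empty problem list means the chain is consistent."""
    fw = parse_firewall(fw_text)
    web = parse_apache(apache_text)
    findings = []
    for ts, user, ip in parse_app(app_text):
        problems = []
        # Layer 1: the firewall must have accepted this source shortly before.
        if not any(ip == f_ip and timedelta(0) <= ts - f_ts <= window
                   for f_ts, f_ip in fw):
            problems.append('no firewall ACCEPT for source')
        # Layer 2: Apache must have authenticated the same user from the same source.
        web_hits = [w for w in web
                    if w[1] == ip and timedelta(0) <= ts - w[0] <= window]
        if not web_hits:
            problems.append('no apache login request from source')
        elif not any(w[2] == user for w in web_hits):
            problems.append('apache auth user differs from application user')
        findings.append({'user': user, 'ip': ip,
                         'time': ts.isoformat(), 'problems': problems})
    return findings


if __name__ == '__main__':
    for f in audit(FIREWALL_LOG, APACHE_LOG, APP_LOG):
        status = 'OK' if not f['problems'] else 'CHECK: ' + '; '.join(f['problems'])
        print(f"{f['time']} {f['user']}@{f['ip']} {status}")
```

Run as-is, the first two logins pass every layer; the third (the `alice` login from 198.51.100.7) is flagged because no firewall ACCEPT exists for that source and the Apache record shows no authenticated user, which is exactly the kind of gap that distinguishes a login that came through the whole chain from one that somehow did not.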