Subject: Policy-Discussion
- From: Jac Kersing <j.kersing AT the-box.com>
- To: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Subject: Re: [CAcert-Policy] What's the name for?
- Date: Wed, 27 Jul 2005 23:01:11 +0200 (CEST)
- List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
On Sat, 23 Jul 2005, Russell Smith wrote:
> Would the SQL server be secured on a third machine, with only network connections allowed on the relevant port? I assume the only way to protect data is to ensure that only certain queries can be run. As if you compromise the web server, you have all the passwords to connect to the SQL server. I'm not sure how exactly the SQL server could be secured, it needs more flexible access than the root key server.

Some protection would be to use stored procedures for the queries and limit access from the webserver to the stored procedures (hmmm, does MySQL do stored procedures these days?). That way only predefined queries can be executed...
Regards,
Jac
---
Jac Kersing Technical Consultant The-Box Development
j.kersing AT the-box.com
CISSP http://www.the-box.com
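
The restriction described in the message above, as an added example (not from the original message and not CAcert's own schema or configuration). It assumes MySQL 5.7 or later and the `mysql` command-line client; the database, table, account, host and procedure names are all hypothetical.

```sql
-- Hypothetical schema and account names, constructed for illustration.
CREATE DATABASE IF NOT EXISTS ca_demo;
USE ca_demo;
CREATE TABLE IF NOT EXISTS users (
    id            INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    email         VARCHAR(255) NOT NULL UNIQUE,
    full_name     VARCHAR(255) NOT NULL,
    password_hash VARCHAR(255) NOT NULL,
    points        INT NOT NULL DEFAULT 0
);

-- Weak setup, shown for comparison only: stolen web server credentials
-- could run any query against every table.
--   GRANT SELECT, INSERT, UPDATE, DELETE ON ca_demo.* TO 'webapp'@'web.example.internal';

-- Restricted setup. A locked account owns the procedures and holds only the
-- column privileges they need; nobody can log in as it.
CREATE USER 'proc_owner'@'localhost' ACCOUNT LOCK;
GRANT SELECT (id, email, password_hash), UPDATE (full_name)
    ON ca_demo.users TO 'proc_owner'@'localhost';

-- Run as an administrator (setting a DEFINER other than yourself needs
-- elevated privileges). DELIMITER is a mysql client command.
DELIMITER //
CREATE DEFINER = 'proc_owner'@'localhost'
PROCEDURE get_login_record(IN p_email VARCHAR(255))
    SQL SECURITY DEFINER READS SQL DATA
BEGIN
    SELECT id, password_hash FROM users WHERE email = p_email LIMIT 1;
END//

CREATE DEFINER = 'proc_owner'@'localhost'
PROCEDURE change_full_name(IN p_id INT UNSIGNED, IN p_name VARCHAR(255))
    SQL SECURITY DEFINER MODIFIES SQL DATA
BEGIN
    UPDATE users SET full_name = p_name WHERE id = p_id;
END//
DELIMITER ;

-- The web server account gets EXECUTE on named procedures and nothing else.
CREATE USER 'webapp'@'web.example.internal' IDENTIFIED BY 'REPLACE_WITH_SECRET';
GRANT EXECUTE ON PROCEDURE ca_demo.get_login_record TO 'webapp'@'web.example.internal';
GRANT EXECUTE ON PROCEDURE ca_demo.change_full_name TO 'webapp'@'web.example.internal';

-- Connected as 'webapp':
--   CALL ca_demo.get_login_record('a@example.org');      -- allowed
--   SELECT * FROM ca_demo.users;                         -- denied, no table privilege
--   UPDATE ca_demo.users SET points = 150 WHERE id = 1;  -- denied, no table privilege
```

This narrows what stolen web server credentials can do to the predefined procedures, but those procedures can still be called with arbitrary arguments, so each one should expose only the columns and rows the web tier genuinely needs.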