Security Basics mailing list archives
Re: Re: PCI question - anonymous users from uploading files
From: evilwon12 () yahoo com
Date: 15 Jan 2008 20:04:30 -0000
-Internal or external users? -What type of data are we talking about? -Who can access/use the data? -Can the anonymous users download data from the same site as well? -Is this upload site on an internal, external or dmz machine? I'm sure there are several other questions that can be asked, those are the immediate ones that came to my mind in 30 seconds. With the information given, there is no way to give you a yes or no answer and be 100% correct. As an example, if this machine is completely isolated from your PCI environment, this may be a mitigating factor in your favor. Again, I do not know the purpose of the file uploads, the machine that they are being placed on, or where the machine is in relation to your network. Thus, I cannot make any assessment of your situation.
Current thread:
- PCI question - anonymous users from uploading files J. Lion (Jan 15)
- Re: PCI question - anonymous users from uploading files Jason Thompson (Jan 15)
- RE: PCI question - anonymous users from uploading files Honer, Lance (Jan 18)
- RE: PCI question - anonymous users from uploading files Abimbola, Abiola (Jan 16)
- Re: PCI question - anonymous users from uploading files Lyle Worthington (Jan 17)
- <Possible follow-ups>
- Re: Re: PCI question - anonymous users from uploading files evilwon12 (Jan 15)
- Re: PCI question - anonymous users from uploading files Jason Thompson (Jan 15)