WebApp Sec mailing list archives
web application, data classification and database security
From: test.future () gmail com
Date: 26 Sep 2006 08:11:08 -0000
Dear all,

In our organization, after several years of integration effort, now our database is integrated to one physical box. The web applications which require database access are all intranet with login.

However, things change. Now we are developing internet web apps which need database access also, some require login, some not. We are also developing intranet no-login apps with database access. The DBA is very much concerned with the security of the database.

Should we segregate internet and intranet application infrastructure? That means one set of web server, app server and database server for internet apps, another set for intranet apps. Or should we classify the apps based on whether they need login? Or data criticality classification? What are the industry best practices?

Thanks for any advice.