Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ASP

From: "Steven M. Bellovin" <smb () research att com>
Date: Thu, 28 Jun 2001 14:49:16 -0400
In message <5.0.2.1.2.20010626121501.00aad070 () popserv ucop edu>, hermit1 writes
:

Is there a general feeling about the safety of Active Server Pages?  I know 
a little about what needs to be done with the OS and on the programming 
side to keep ASP from being wide open to attackers.  Is there a preferred 
alternative?


*All* server-run scripts -- ASP, CGI, XYZZY -- are network services 
being offered to the public.  As such, they should be treated with 
extreme suspicion.  In particular, these are the reasons you don't want 
your Web servers on the inside of your firewall.

                --Steve Bellovin, http://www.research.att.com/~smb


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: