Firewall Wizards mailing list archives
Re: Why are developers choosing to...
From: Greg Spath <gkspath () armstrong com>
Date: Fri, 20 Jan 2006 13:52:51 -0500
On Fri, 20 Jan 2006 17:42:49 +0000 "Keith A. Glass" <salgak () speakeasy net> wrote:
-----Original Message----- From: Behm, Jeffrey L. [mailto:BehmJL () bvsg com] Sent: Friday, January 20, 2006 05:34 PM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] Why are developers choosing to...Why are developers choosing to write "web-based" code that runs some sort of encryption, typically SSL, across a non-standard port (say 10443) and then having those URLs blow up when they try to traverse the prudent company's perimeter security...You know..."deny all that is not explicitly allowed."Obviously "security by obscurity". The ONLY reason I can see for non-standard ports are multiple SEPARATE applications using the same URL: we pulled that trick, back in the dotcom days, when I worked for Virtual Compliance (now defunct). But domains are cheap enough these days to not need that trick. . .
Or maybe to NAT to several different backend systems which are actually running the app on the proper port? Not that I agree with that for businesses who definitely can afford to do it the right way, but another potential reason why it occurs. The security problems with that direct access are of course another discussion. -- Greg Spath <gkspath () armstrong com> Infrastructure Security Analyst Armstrong World Industries, Inc. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Why are developers choosing to..., (continued)
- Re: Why are developers choosing to... Paul D. Robertson (Jan 20)
- Re: Why are developers choosing to... Karl Mueller (Jan 20)
- Re: Why are developers choosing to... Adrian Grigorof (Jan 20)
- Re: Why are developers choosing to... Greg Spath (Jan 20)
- Message not available
- Re: Why are developers choosing to... hermit921 (Jan 20)
- Re: Why are developers choosing to... Paul D. Robertson (Jan 20)
- Re: Why are developers choosing to... hermit921 (Jan 20)
- Re: Why are developers choosing to... Darren Reed (Jan 20)
- Re: Why are developers choosing to... mlh (Jan 23)
- Re: Why are developers choosing to... Barney Wolff (Jan 23)
- Re: Why are developers choosing to... Keith A. Glass (Jan 20)
- Re: Why are developers choosing to... Greg Spath (Jan 20)
- RE: Why are developers choosing to... Behm, Jeffrey L. (Jan 20)
- RE: Why are developers choosing to... Behm, Jeffrey L. (Jan 20)