Re: Why are developers choosing to...

[Greg Spath <gkspath () armstrong com>]

On Fri, 20 Jan 2006 17:42:49 +0000
"Keith A. Glass" <salgak () speakeasy net> wrote:

> > -----Original Message-----
> > From: Behm, Jeffrey L. [mailto:BehmJL () bvsg com]
> > Sent: Friday, January 20, 2006 05:34 PM
> > To: firewall-wizards () honor icsalabs com
> > Subject: [fw-wiz] Why are developers choosing to...
>
> > Why are developers choosing to write "web-based" code that runs some
> > sort of encryption, typically SSL, across a non-standard port (say
> > 10443) and then having those URLs blow up when they try to traverse
> > the prudent company's perimeter security...You know..."deny all
> > that is not explicitly allowed."
>
> Obviously "security by obscurity".  The ONLY reason I can see for
> non-standard ports are multiple SEPARATE applications using the same
> URL: we pulled that trick, back in the dotcom days, when I worked for
> Virtual Compliance (now defunct).  But domains are cheap enough these
> days to not need that trick. . .

Or maybe to NAT to several different backend systems which are actually
running the app on the proper port?  Not that I agree with that for
businesses who definitely can afford to do it the right way, but another
potential reason why it occurs.

The security problems with that direct access are of course another
discussion.

-- 
Greg Spath <gkspath () armstrong com>                        
Infrastructure Security Analyst    
Armstrong World Industries, Inc.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards