Penetration Testing mailing list archives
RE: Hardcoded Database IP in ASP
From: "Darryl Stevens" <darryl_stevens () hotmail com>
Date: Fri, 15 Sep 2006 13:39:50 -0400
I'm looking at a SQL Server 2000. I was brainstorming and came up with the following idea: Setting up a one node cluster and using the virtual address (NetBios) as static input into my ASP script. Thoughts?
DARRYL K. STEVENS...........SILKY SMOOTH................ ...........That's my story and I'm sticken to it......... From: "William Woodhams" <William.Woodhams () wegmans com>To: "Darryl Stevens" <darryl_stevens () hotmail com>,<webappsec () securityfocus com>,<pen-test () securityfocus com>
Subject: RE: Hardcoded Database IP in ASP Date: Fri, 15 Sep 2006 08:12:19 -0400 MIME-Version: 1.0Received: from CRP638.wfm.wegmans.com ([65.37.79.144]) by bay0-mc6-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Fri, 15 Sep 2006 05:12:21 -0700 Received: From crp814.wfm.wegmans.com ([172.21.18.66]) by CRP638.wfm.wegmans.com (WebShield SMTP v4.5 MR2);id 115832234079; Fri, 15 Sep 2006 08:12:20 -0400 Received: from CRP865.wfm.wegmans.com ([172.21.18.61]) by crp814.wfm.wegmans.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 15 Sep 2006 08:12:19 -0400
X-Message-Info: LsUYwwHHNt10tPHTrS6dVEk9unDQHIhrkBfKJy7NNA8= X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Hardcoded Database IP in ASP Thread-Index: AcbYQPzhs1nbLnUDQQ+LOxFf4CglYgAfx0oQ Return-Path: William.Woodhams () wegmans comX-OriginalArrivalTime: 15 Sep 2006 12:12:19.0891 (UTC) FILETIME=[314A4830:01C6D8C0]
What type of DB are we talking about? Bill Woodhams Systems Technician Development Group-Technical Systems (585)429-3183 William.Woodhams () wegmans com Newcastle United signs Michael Owen...Enough Said! -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Darryl Stevens Sent: Thursday, September 14, 2006 2:28 PM To: webappsec () securityfocus com; pen-test () securityfocus com Subject: Hardcoded Database IP in ASP Hello fellow Security Guru's. I've been on the distro from sometime and gaining a lot of insight into various security issues. Question: I have ASP script that points to a backend database residing on seperate physical server. Is there any known way of getting around using a hard-coded IP address to point to the database? Would utilizing the OS hosts file serve my purposes of and satisfy secure code practices? Thanks guys. Darryl ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- Hardcoded Database IP in ASP Darryl Stevens (Sep 14)
- Re: Hardcoded Database IP in ASP RSnake (Sep 15)
- RE: Hardcoded Database IP in ASP Ken Schaefer (Sep 18)
- <Possible follow-ups>
- RE: Hardcoded Database IP in ASP William Woodhams (Sep 15)
- RE: Hardcoded Database IP in ASP Darryl Stevens (Sep 15)