Security & web application.
Is there a difference in security when using a symlink to refer to web applications?
Example: if I use:
.../..../www link_pippo_application .../pippo_application/
Naturally, www is the document root of my web server. Is it more secure than using this directly?
.../www/pippo_application/
Bye
Alessandro |
No, it's no more secure. What security aspects are you looking for? Access control, or what the application can do once launched, or what?
|
I don't know than I have questions.
But in which way is it possible to increase the security without using a chroot system? Bye Alessandro |
"Increase the security" without knowing any specifics is too broad a topic. Entire books are written on such topics.
The major insecurity that I have come across in web-based applications is a lack of user input validation. When getting user input from a form, there is often no attempt to verify that the user is supplying the type of information needed, or that the supplied input, if processed normally, will not have unintended consequences (SQL injection, mail header injection, code download/compile/execution, etc.) If I were to give you only one bit of advice on security for your application, it would be to make sure that you are checking user input. |
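
An added example, not part of the original thread, of the input checking described in the post above: allow-list validation of form fields, rejection of CR/LF in a value bound for a mail header, and a bound SQL parameter next to the concatenated form it replaces. It is written in Python for brevity; the form field names, table and sample rows are constructed for illustration.

```python
import re
import sqlite3

# Allow-list patterns: state what is accepted rather than what is forbidden.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,63}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}")


def validate_form(form):
    """Return (clean, errors) for a hypothetical contact form dict."""
    clean, errors = {}, []
    name = form.get("name", "").strip()
    email = form.get("email", "").strip()
    subject = form.get("subject", "")
    if NAME_RE.fullmatch(name):
        clean["name"] = name
    else:
        errors.append("name")
    if len(email) <= 254 and EMAIL_RE.fullmatch(email):
        clean["email"] = email
    else:
        errors.append("email")
    # CR/LF in a value destined for a mail header would start a new header.
    if subject and len(subject) <= 120 and not re.search(r"[\r\n\x00]", subject):
        clean["subject"] = subject
    else:
        errors.append("subject")
    return clean, errors


def find_user_unsafe(conn, name):
    # 'Before' form: input concatenated into the SQL text.
    return conn.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()


def find_user(conn, name):
    # Bound parameter: the driver passes the value as data, never as SQL.
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def demo_db():
    """Constructed in-memory sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn
```

A name such as O'Brien passes validation legitimately, which is why the query still needs a bound parameter: validation and parameterization cover different failures.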
Do you know some clear examples (or links) of best practices to avoid this problem?
Thanks Alessandro |
Well, if the app is done with PHP, J_K9's The Problem With PHP Application Security is a good starting point. Even if it is not PHP, there are still valid points for any language there and at linked sites.
|
Thanks a lot!
I don't like PHP for many reasons but your link is very useful. It's a very good starting point. :) I hope to also find something for Java web programming. Bye Alessandro |