LinuxQuestions.org

OtagoHarbour 09-29-2013 04:09 PM

SQL Injection and BASE (Basic Analysis And Security Engine)
 
I am using Debian 7.0 and am thinking of installing BASE (Basic Analysis And Security Engine) in order to handle the horrendously long Alert files generated by Snort.

One thing that makes me hesitant is that I saw this article about an SQL injection vulnerability with BASE. It seems that the problem may be fixed.

Does anyone know anything about this?

Thanks,
OH.

unSpawn 09-29-2013 06:38 PM

Quote:

Originally Posted by OtagoHarbour (Post 5036923)
It seems that the problem may be fixed. Does anyone know anything about this?

What's unclear about the message? It clearly reads "The vendor has released Basic Analysis and Security Engine version 1.2.1 to address this issue.".

*Apart from that BASE is a log reporting tool and IMNSHO any management interfaces should have secure and restricted access only.

OtagoHarbour 09-29-2013 09:55 PM

Quote:

Originally Posted by unSpawn (Post 5036974)
*Apart from that BASE is a log reporting tool and IMNSHO any management interfaces should have secure and restricted access only.

It says it's web based and uses PHP. Does that mean it sends the data to a remote site? It does seem to use a local database. I thought the PHP could be used for local display.

unSpawn 09-30-2013 01:36 AM

Quote:

Originally Posted by OtagoHarbour (Post 5037040)
It says it's web based and uses PHP. Does that mean it sends the data to a remote site?

No, it means it's a web-based log analysis front end. Which average users should not be able to access.


All times are GMT -5.