Firewall Wizards mailing list archives
RE: ASP
From: "Scott, Richard" <Richard.Scott () BestBuy com>
Date: Mon, 2 Jul 2001 15:13:42 -0500
Microsoft's Active Server Pages are very much like anything that is housed as a service. I've seen secure code and insecure code, I've seen secure code being used to house insecure components and vice versa. Generally speaking, it depends as to what you wish to do. Typically, using any service there are some things you need to harden before you want to push to production, and ASP, more so IIS, has ASP scripts that should be removed. Cheers r. Richard Scott Information Security ? Tel: (001) -952-995-5432 ? Fax: (001) -952-996-4830 ? Best Buy World Headquarters 7075 Flying Cloud Drive Eden Prairie, MN 55344 USA The views expressed in this email do not represent Best Buy or any of its subsidiaries. -----Original Message----- From: Steven M. Bellovin [mailto:smb () research att com] Sent: Thursday, June 28, 2001 1:49 PM To: hermit1 Cc: firewall-wizards () nfr net Subject: Re: [fw-wiz] ASP In message <5.0.2.1.2.20010626121501.00aad070 () popserv ucop edu>, hermit1 writes :
Is there a general feeling about the safety of Active Server Pages? I know
a little about what needs to be done with the OS and on the programming side to keep ASP from being wide open to attackers. Is there a preferred alternative?
*All* server-run scripts -- ASP, CGI, XYZZY -- are network services being offered to the public. As such, they should be treated with extreme suspicion. In particular, these are the reasons you don't want your Web servers on the inside of your firewall. --Steve Bellovin, http://www.research.att.com/~smb _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: ASP Scott, Richard (Jul 03)