Penetration Testing mailing list archives

Re: Stand Alone Application vs Client/Server


From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Sat, 18 Apr 2009 19:38:26 -0400

It all depends on how you have things configured. We hack into customer networks that have them separated and it doesn't slow us down all that much. The fact is, if the application can access the DB then so can a hacker once the application is pwned. You can install some safety measures that will slow a hacker down even more, but alas it's still just a matter of time. Harden your app. :)


On Apr 17, 2009, at 8:58 AM, M.D.Mufambisi wrote:

Hi folks,

What in your opinion is more secure... an application sitting on the
same computer as its datafiles/database or one that has the
datafiles/or database on a server and the application on a separate
machine?

I'm just reviewing a client who has an application that sits on the same
computer as its datafiles. This computer is in a Windows domain.
Wouldn't it be better if the datafiles were on the server and have
access permissions set there?


        Adriel T. Desautels
        ad_lists () netragard com
        --------------------------------------

        Subscribe to our blog
        http://snosoft.blogspot.com

