Penetration Testing mailing list archives
Re: Stand Alone Application vs Client/Server
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Sat, 18 Apr 2009 19:38:26 -0400
It all depends on how you have things configured. We hack into customer networks that have them separated and it doesn't slow us down all that much. The fact is, if the application can access the DB then so can a hacker once the application is pwned. You can install some safety measures that will slow a hacker down even more, but alas it's still just a matter of time. Harden your app. :)

On Apr 17, 2009, at 8:58 AM, M.D.Mufambisi wrote:

Hi folks,

What in your opinion is more secure... an application sitting on the same computer as its datafiles/database or one that has the datafiles/or database on a server and the application on a separate machine? I'm just reviewing a client who has an application that sits on the same computer as its datafiles. This computer is in a Windows domain. Wouldn't it be better if the datafile were on the server and have access permissions set there?

Adriel T. Desautels
ad_lists () netragard com
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com

Current thread:
- Stand Alone Application vs Client/Server M.D.Mufambisi (Apr 17)
- Re: Stand Alone Application vs Client/Server Adriel T. Desautels (Apr 21)