Re: Unable to Browse Internet
From: Matt Wagner [MSFT] (mattwag_at_online.microsoft.com)
Date: 10/13/04
- Next message: Jerry M: "Continuous reboot of Windows Server 2003 standard"
- Previous message: Torgeir Bakken \(MVP\): "Re: Set date format through GPO?"
- In reply to: RAJ: "Re: Unable to Browse Internet"
- Next in thread: Miha Pihler: "Re: Unable to Browse Internet"
Date: Tue, 12 Oct 2004 18:28:32 -0700
RAJ:
The SQL injection attack is the result of a defect in the way an application
uses user input in a SQL query. I'm not aware of a method of blocking SQL
injection without modifying the offending application. Your best bet would
be to sit down with your developers and ensure they understand the dangers
of SQL injection and understand how to prevent it in their code.
Matt Wagner
Enterprise Engineering Center
Microsoft Corporation
--
Legal Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights. Use of included script samples are subject to the terms
specified at http://www.microsoft.com/info/cpyright.htm
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

"RAJ" <RAJ@discussions.microsoft.com> wrote in message
news:7837A2F8-C8AD-459F-95DD-8BCEF094FD8A@microsoft.com...
> Understood. Prevent/Limit access to the internet from the DMZ in order to
> prevent against spyware infection and the like. Block port 80 from the DMZ
> going out to the internet.
> The reason internet access was needed is because a developer/consultant
> creating the website needed to access his FTP site.
> I'm going to block internet access.
> However, I did some reading on preventing sql injection in the past two
> weeks, however fully understanding the documentation was difficult because
> it required SQL knowledge, which I don't have. Any suggestions on how I can
> prevent this type of attack without becoming sql proficient?
>
> "Miha Pihler" wrote:
>
>> <snip>
>>
>> Hi,
>>
>> answers are in line...
>>
>> > Understood. How would you suggest I change the configuration of the
>> > server setup, keeping in mind its main purpose is to host a world wide
>> > website. If
>>
>> Microsoft Security Guidance Center: Internet Information Services (IIS)
>> Index
>> http://www.microsoft.com/security/guidance/prodtech/IIS.mspx
>>
>> > I take it out of the DMZ it won't be accessible.
>>
>> Sorry, I am not sure what you mean by this. I never suggested that you
>> take it out of DMZ.
>>
>> My suggestion is to limit access to the internet from servers in the DMZ
>> (e.g. why would you need to surf from web and SQL server? How about
>> spyware that will get on this server? To check webmail or e-mail with e.g.
>> Outlook Express? Even worse than browsing. Risk of infecting server with
>> virus spreading by e-mail is quite high... etc...).
>>
>> What I am trying to say is:
>> * what are the reasons (need) to browse from server to the internet
>> (there can be good reasons -- maybe a good reason is access to windows
>> update -- but you don't need access to whole internet to access web
>> update)
>>
>> If you disable access from the server to the internet this doesn't mean
>> that you can't access web server from the internet...
>>
>> > Should I have not had the website & SQL on the same server?
>>
>> It depends how sensitive is the data stored in SQL...
>>
>> <snip>