
Re: [cobalt-security] RAQ3 vulnerabilities
"Michael Stauber" <cobalt@xxxxxxxxxxxxxx> wrote:
> > You might try using What's Up Gold to do HTML content scans on your
> > pages.
>
> I have something like that installed on the server itself.
>
> But as I said: This will only work on static HTML pages. When the content
> on the page is dynamically generated by PHP, PERL or ASP and therefore
> changes with almost every request, then you will get nothing but false
> alerts. So I didn't include that website in the automated daily scan.

I'm probably bringing this to the point of being off-topic, but whether the
page content is dynamic or not, the size and checksum of the actual files on
the server won't change unless the files themselves are edited.  In other
words, whether the files serve static or dynamic content is irrelevant,
unless your files actually rewrite themselves.  And I hope they don't, since
it would be much more secure for the dynamic data to be stored in a database
or in files outside of the web tree which are called from the actual files in
the web tree, in which case your checksum/date/size checker can be set to
ignore the appropriate files.  Of course, if your goal was to receive
notification about files or database entries that have been defaced or
hacked, you've just ignored them.  :-(  Or am I misunderstanding you
completely?  I suppose you could be dynamically generating static HTML files
from scripts.  That's a good strategy for a high-traffic site under a lot of
load where it's not important for the changes to appear in real time, but it
doesn't seem to make sense otherwise.  Now I'm curious...

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
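The approach Steve describes above (hash the files in the web tree, not the
rendered pages, and exclude the files the application legitimately rewrites)
can be shown with a small baseline-and-compare integrity checker. This is an
added example written for this page, not code posted in the thread and not
part of the Cobalt RaQ software; the directory layout, the ignore patterns and
the simulated defacement in demo() are constructed for illustration.

```python
"""Added example: baseline-and-compare integrity check of a web tree.

Illustrates the point made in the thread: a PHP/Perl/ASP source file produces
different *output* on every request, but the *file* on disk only changes when
someone edits it, so hashing the files (not the pages) gives no false alerts.
Files the application rewrites itself (caches, logs, data stores) are
excluded by pattern; in a real deployment they should live outside the
document root, as the message recommends.  Patterns and paths are assumptions.
"""
import fnmatch
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Constructed ignore list: paths relative to the web root that the application
# is expected to rewrite. Anything matching is left out of the baseline.
IGNORE_PATTERNS = ["*.log", "cache/*", "data/*.db"]


def sha256_of(path):
    """Stream a file through SHA-256 so large files do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_ignored(rel, patterns=IGNORE_PATTERNS):
    """True if the relative path matches any exclusion pattern."""
    return any(fnmatch.fnmatch(rel, p) for p in patterns)


def snapshot(root, patterns=IGNORE_PATTERNS):
    """Record size, mtime and SHA-256 for every non-ignored file under root.

    Size and mtime are kept for reporting only; the comparison relies on the
    hash, because an attacker who edits a file can reset its mtime with
    touch/utime but cannot make the edited content hash to the old value.
    """
    root = Path(root)
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if is_ignored(rel, patterns):
                continue
            st = p.stat()
            result[rel] = {
                "size": st.st_size,
                "mtime": int(st.st_mtime),
                "sha256": sha256_of(p),
            }
    return result


def save_baseline(snap, path):
    """Write the baseline as JSON. Keep this file off the web server or on
    read-only media; a baseline the attacker can rewrite proves nothing."""
    Path(path).write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def compare(baseline, current):
    """Return added, removed and content-modified relative paths."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(
            rel for rel in base_keys & cur_keys
            if baseline[rel]["sha256"] != current[rel]["sha256"]
        ),
    }


def demo():
    """Constructed scenario: one defaced script, plus legitimate app activity
    (cache rewritten, log file created) that must not raise an alert."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<html>hello</html>")
        # Dynamic output, static source: hashing the file is stable.
        (root / "contact.php").write_text("<?php echo date('r'); ?>")
        (root / "cache").mkdir()
        (root / "cache" / "page.html").write_text("generated")
        baseline = snapshot(root)
        save_baseline(baseline, root / "baseline.json")  # would live elsewhere

        (root / "contact.php").write_text("<?php echo 'defaced'; ?>")  # tampering
        (root / "cache" / "page.html").write_text("regenerated")      # ignored
        (root / "error.log").write_text("404 /foo")                   # ignored
        current = snapshot(root)
        current.pop("baseline.json", None)  # not part of the web tree
        return compare(load_baseline(root / "baseline.json"), current)


if __name__ == "__main__":
    print(demo())
```

The check flags only contact.php, whose source was edited; the regenerated
cache page and the new log file are excluded by pattern, exactly the exemption
the message suggests for files the application rewrites. The trade-off noted
in the message still holds: whatever is excluded, or stored in a database, is
no longer covered by this scan and needs its own monitoring.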