[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] RAQ3 vulnerabilities

Subject: RE: [cobalt-security] RAQ3 vulnerabilities
From: "Gary M. Root" <groot@xxxxxxxxxxxxxxx>
Date: Wed, 5 Dec 2001 06:20:06 -0800
Organization: Liquid Spark, LLC
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Michael,

I understand the point about dynamic pages being generated, but there
must be at least some common word or phrase within each HTML template
document that you can scan for, no? We have the same situation of
dynamically-generated pages using PHP, but the pages follow Steve's
scenario whereby the templates don't change, only the content being
dished up from the MySQL database. We can embed any phrase we like in
the document and simply scan the template every 30 seconds from an
external PC to make sure the phrase is still embedded.

-Gary

"Michael Stauber" <cobalt@xxxxxxxxxxxxxx> wrote:
> > You might try using What's Up Gold to do HTML content scans on your 
> > pages.
>
> I have something like that installed on the server itself.
>
> But as I said: This will only work on static HTML pages. When the 
> content
on
> the page is dynamically generated by PHP, PERL or ASP and therefore
changes
> with almost every request, then you will get nothing but false alerts.

> So
I
> didn't include that website in the automated daily scan.

I'm probably bringing this to the point of being off-topic, but whether
the page content is dynamic or not, the size and checksum of the actual
files on the server won't change unless the files themselves are edited.
In other words, whether the files serve static or dynamic content is
irrelevant, unless your files actually rewrite themselves.  And I hope
they don't since it would be much more secure for the dynamic data to be
stored in a database or files outside of the web tree which are called
from the actual files in the web tree, in which case your
checksum/date/size checker can be set to ignore the appropriate files.
Of course if your goal was to receive notification about files or
database entries that have been defaced or hacked you've just ignored
them.  :-(  Or am I misunderstanding you completely?  I suppose you
could be dynamically generating static HTML files from scripts.  That's
a good strategy for a high traffic site under a lot of load where it's
not important for the changes to appear in real time, but it doesn't
seem to make sense otherwise.  Now I'm curious...

--
Steve Werby
President, Befriend Internet Services LLC http://www.befriend.com/

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security

Follow-Ups:
- Re: [cobalt-security] RAQ3 vulnerabilities
  - From: Michael Stauber
- [cobalt-security] worried about seeing connections to :81
  - From: william ross

References:
- Re: [cobalt-security] RAQ3 vulnerabilities
  - From: Steve Werby

Prev by Date: [cobalt-security] Apache Vulnerabilities
Next by Date: Re: [cobalt-security] RAQ3 vulnerabilities
Previous by thread: Re: [cobalt-security] RAQ3 vulnerabilities
Next by thread: Re: [cobalt-security] RAQ3 vulnerabilities

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index