struts-user mailing list archives

From Paul Thomas <>
Subject Re: [OT] Application Security
Date Wed, 11 Jun 2003 11:52:00 GMT

On 10/06/2003 17:47 Denis Avdic wrote:
> Hello,
> This is really off topic, but since everyone is working in similar 
> conditions I thought I'd ask you all a question.
> How is everyone handling security in your applications?
> More specifically, we have a site where someone violated our acceptable 
> use policy and basically tried to retrieve all our data through a 
> previously unseen hole.  Now, we patched it and we can definitely go on 
> and keep patching holes when we find them, but I would like to set up 
> something to prevent that from happening in the first place.  I am 
> talking about setting up an Intrusion detection system or something 
> similar, where I could be at least alerted in real time that something 
> funky is happening, and that I don't have to accidentally stumble across 
> the action in the log file.  How are you (if you are) handling this?  
> Are there open source tools to set this up?  Commercial?

Sounds like you're following the M$ security model - throw any old crap 
out of the door then patch, patch, patch ... Still, Bill Gates has done 
very nicely out of it so maybe this method has commercial benefits.

Seriously though, how do you expect anyone to be able to give an answer to 
this? At what level did the intrusion take place? OS? Service? Application 
server? Application?

Paul Thomas
| Thomas Micro Systems Limited | Software Solutions for the Smaller Business |
| Computer Consultants         |   |
