Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Hardcoded Database IP in ASP
From: "Darryl Stevens" <darryl_stevens () hotmail com>
Date: Fri, 15 Sep 2006 13:39:50 -0400

I'm looking at a SQL Server 2000. I was brainstorming and came up with the following idea: Setting up a one node cluster and using the virtual address (NetBios) as static input into my ASP script. Thoughts?



DARRYL K. STEVENS...........SILKY SMOOTH................
...........That's my story and I'm sticken to it.........





From: "William Woodhams" <William.Woodhams () wegmans com>
To: "Darryl Stevens" <darryl_stevens () hotmail com>,<webappsec () securityfocus com>,<pen-test () securityfocus com>
Subject: RE: Hardcoded Database IP in ASP
Date: Fri, 15 Sep 2006 08:12:19 -0400
MIME-Version: 1.0
Received: from CRP638.wfm.wegmans.com ([65.37.79.144]) by bay0-mc6-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Fri, 15 Sep 2006 05:12:21 -0700 Received: From crp814.wfm.wegmans.com ([172.21.18.66]) by CRP638.wfm.wegmans.com (WebShield SMTP v4.5 MR2);id 115832234079; Fri, 15 Sep 2006 08:12:20 -0400 Received: from CRP865.wfm.wegmans.com ([172.21.18.61]) by crp814.wfm.wegmans.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 15 Sep 2006 08:12:19 -0400
X-Message-Info: LsUYwwHHNt10tPHTrS6dVEk9unDQHIhrkBfKJy7NNA8=
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Hardcoded Database IP in ASP
Thread-Index: AcbYQPzhs1nbLnUDQQ+LOxFf4CglYgAfx0oQ
Return-Path: William.Woodhams () wegmans com
X-OriginalArrivalTime: 15 Sep 2006 12:12:19.0891 (UTC) FILETIME=[314A4830:01C6D8C0]

What type of DB are we talking about?


Bill Woodhams
Systems Technician
Development Group-Technical Systems
(585)429-3183
William.Woodhams () wegmans com

Newcastle United signs Michael Owen...Enough Said!
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Darryl Stevens
Sent: Thursday, September 14, 2006 2:28 PM
To: webappsec () securityfocus com; pen-test () securityfocus com
Subject: Hardcoded Database IP in ASP

Hello fellow Security Guru's.

I've been on the distro from sometime and gaining a lot of insight into
various security issues.

Question: I have ASP script that points to a backend database residing
on
seperate physical server. Is there any known way of getting around using
a
hard-coded IP address to point to the database? Would utilizing the OS
hosts
file serve my purposes of and satisfy secure code practices? Thanks
guys.

Darryl



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault