WebApp Sec: RE: Securing password between webserver & appserver.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

RE: Securing password between webserver & appserver.

From: "Martin O'Neal" <martin.oneal () corsaire com>
Date: Tue, 8 Sep 2009 14:14:00 +0100

Or why not bypass the webserver altogether 
for auth if itisnt trusted. Send credentials 
directly to the app server, that is assuming 
the app server is publicly accesible.


Yup, would work. However, it would be a novel situation in which the
credentials were sensitive, but the data was not.

I would personally be trying to resolve the untrusted web server
situation...

Martin...

By Date By Thread

Current thread:

RE: Securing password between webserver & appserver., (continued)
- RE: Securing password between webserver & appserver. Ken Schaefer (Sep 07)
- Re: Securing password between webserver & appserver. Till Elsner (Sep 08)
  - Re: Securing password between webserver & appserver. bigbert007 (Sep 08)
    - RE: Securing password between webserver & appserver. Calderon, Juan Carlos (GE, Corporate, consultant) (Sep 09)
- RE: Securing password between webserver & appserver. Martin O'Neal (Sep 07)
- RE: Securing password between webserver & appserver. Martin O'Neal (Sep 08)