RE: Hardcoded Database IP in ASP

From: Darryl Stevens (darryl_stevens@hotmail.com)
Date: Fri Sep 15 2006 - 13:39:50 EDT


I'm looking at a SQL Server 2000. I was brainstorming and came up with the
following idea: Setting up a one node cluster and using the virtual address
(NetBios) as static input into my ASP script. Thoughts?

DARRYL K. STEVENS...........SILKY SMOOTH................
...........That's my story and I'm sticken to it.........

From: "William Woodhams" <William.Woodhams@wegmans.com>
To: "Darryl Stevens"
<darryl_stevens@hotmail.com>,<webappsec@securityfocus.com>,<pen-test@securityfocus.com>
Subject: RE: Hardcoded Database IP in ASP
Date: Fri, 15 Sep 2006 08:12:19 -0400
MIME-Version: 1.0
Received: from CRP638.wfm.wegmans.com ([65.37.79.144]) by
bay0-mc6-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Fri, 15
Sep 2006 05:12:21 -0700
Received: From crp814.wfm.wegmans.com ([172.21.18.66]) by
CRP638.wfm.wegmans.com (WebShield SMTP v4.5 MR2);id 115832234079; Fri, 15
Sep 2006 08:12:20 -0400
Received: from CRP865.wfm.wegmans.com ([172.21.18.61]) by
crp814.wfm.wegmans.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 15 Sep
2006 08:12:19 -0400
X-Message-Info: LsUYwwHHNt10tPHTrS6dVEk9unDQHIhrkBfKJy7NNA8=
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Hardcoded Database IP in ASP
Thread-Index: AcbYQPzhs1nbLnUDQQ+LOxFf4CglYgAfx0oQ
Return-Path: William.Woodhams@wegmans.com
X-OriginalArrivalTime: 15 Sep 2006 12:12:19.0891 (UTC)
FILETIME=[314A4830:01C6D8C0]

What type of DB are we talking about?

Bill Woodhams
Systems Technician
Development Group-Technical Systems
(585)429-3183
William.Woodhams@wegmans.com

Newcastle United signs Michael Owen...Enough Said!
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Darryl Stevens
Sent: Thursday, September 14, 2006 2:28 PM
To: webappsec@securityfocus.com; pen-test@securityfocus.com
Subject: Hardcoded Database IP in ASP

Hello fellow Security Guru's.

I've been on the distro from sometime and gaining a lot of insight into
various security issues.

Question: I have ASP script that points to a backend database residing
on
seperate physical server. Is there any known way of getting around using
a
hard-coded IP address to point to the database? Would utilizing the OS
hosts
file serve my purposes of and satisfy secure code practices? Thanks
guys.

Darryl

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:57 EDT