Basic HTML version of Foils prepared April 7 1998

Foil 87 Secure Server Example-NPAC Grading System-2

From Basic Principles of Java and Internet Security, CPS616 Web Technologies -- Spring 98, by Geoffrey C. Fox


The original primitive version of the Grading System had two security flaws:
  • 1- Communication between the browser and the database server did not go over a secure channel.
  • 2- The CGI directories, which provide access to the database, were not completely private from the public.
  • Because of design issues in the Oracle database web link, database passwords are located in the CGI directories. Somebody could easily steal the password, access the database and modify the records.



© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu


Page produced by wwwfoil on Sun Nov 29 1998