Basic HTML version of Foils prepared May 19 99

Foil 117 Secure Server Example-NPAC Grading System-2

From Remarks on Internet and Java Security Basic Information Track Computational Science Course CPS616 -- Spring Semester 1999, by Geoffrey Fox, Mehmet Sen


The original primitive version of the Grading System had two security flaws:
  • 1- Communication between the browser and the database server did not use a secure channel.
  • 2- The CGI directories, which provide access to the database, were not completely private from the public.
  • Because of design issues in the Oracle database web link, database passwords are located in the CGI directories. Somebody could easily steal the password, access the database and modify the records.
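An audit check for the second flaw, added here as an example (it is not code from the Grading System or the course): it walks a CGI directory, reports lines that look like embedded database credentials, and notes whether each file is world-readable. The credential patterns, file names and file contents are assumptions constructed for the demonstration.

```python
import os
import re
import stat
import tempfile

# Assumed credential shapes (not taken from the slides): a "password = value"
# assignment, or a user/password@service connect string on a command line.
CRED_PATTERNS = [
    re.compile(rb"(?i)passw(?:or)?d\w*\s*[=:]\s*\S+"),
    re.compile(rb"\b[A-Za-z_]\w*/[^\s/@'\"]+@[A-Za-z_]\w*"),
]

def audit_cgi_dir(root):
    """Return sorted (relative path, line number, world_readable) tuples for
    every line under root that looks like an embedded credential."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            world_readable = bool(st.st_mode & stat.S_IROTH)
            with open(path, "rb") as fh:
                for line_no, line in enumerate(fh, 1):
                    if any(p.search(line) for p in CRED_PATTERNS):
                        rel = os.path.relpath(path, root)
                        findings.append((rel, line_no, world_readable))
    return sorted(findings)

def run_demo():
    """Audit a constructed cgi-bin tree; all file contents are made up."""
    sample = {
        "grades.cgi": (0o755, b'#!/bin/sh\necho "Content-type: text/plain"\n'
                              b"sqlplus -s grader/EXAMPLE_ONLY@gradesdb @report.sql\n"),
        "db.conf": (0o600, b"user = grader\npassword = EXAMPLE_ONLY\n"),
        "report.cgi": (0o755, b"#!/bin/sh\nexec /opt/grades/bin/report\n"),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (mode, body) in sample.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit_cgi_dir(root)

if __name__ == "__main__":
    for rel, line_no, world_readable in run_demo():
        print(f"{rel}:{line_no} credential-like text, world_readable={world_readable}")
```

A finding with `world_readable=False` is still worth moving out of the CGI tree, since the web server itself may serve or expose files stored there.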



© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu


Page produced by wwwfoil on Wed May 19 1999