[3943] in WWW Security List Archive
www, database and security
daemon@ATHENA.MIT.EDU (Scherer Annette)
Thu Jan 9 12:54:28 1997
Date: Thu, 9 Jan 97 13:27 +0100
From: Annette.Scherer@t-online.de (Scherer Annette)
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Hi,
Thank you for your answers to my question about www security
mechanisms. I think, I now have a good overview of www-server
security, transaction-security....
I now still have one more question, a more specialized one:
We use a database server in a virtual university application.
So I need to know about additional security problems, that can
arise in this case.
More concretely
1) Which methods exist to connect a database to the web?
(Up to now I know about Sybase CGI interface and
Sybase NSAPI interface - which else do exist?)
2) Which security problems can arise with these methods?
3) Where can I get information about database security
especially when used with a web server?
3.1) Where shall I do access management
(Is it best done in the operating system
in the web server or
in the database?)
3.2) How can I preserve consistency, when the database
content is complex www-content (HTML-documents,
postscript-texts, pictures...)?
3.3) How can I do version management?
4) How can I integrate existing web security like SSL, S-HTTP,
secure authentication schemes into our database driven
application?
5) Do you know any database server products, www server
products or products that connect www servers and
databases, that do yet realize those needs?
6) Are there other things to be considered, I do not know up to
now?
Many thanks for your answer.
I appreciate any answer to any of the above questions, any other
information related to these topics, any adress of people or
organizations that have experience with these topics or work on
a similar application.....
Annette Scherer
Fernuniversitaet Hagen
annette.scherer@t-online.de
