Oct 03

Build security into your systems part 7

8. Do not store database files or any sensitive data in the Web folder (or sub-folders).
9. Enable log files to track the IP address of users who are accessing your web published files (as well as the date and time of requests, and other options). Check these logs to make sure there is no unauthorized access.
10. With most databases, you can limit access to users who use an IP address that you specify in advance. When hosting files on a server, you can set limitations on client IP addresses in the web server application.
11. If you are hosting web-published databases with a server, you can use additional security measures like SSL encryption, which may also be available with your web server application. In addition, you can disable the web publishing technologies that you are not using.
12. If you are hosting web-published databases with a server, remember that the server will use certain ports and protocols to communicate with the web server. You may have to open ports or allow protocols on your host computers and firewalls, which could leave you vulnerable if you don’t take the appropriate security precautions.
13. If you are hosting databases with a server and using the web publishing option, make sure you test your security from a web browser to see which elements might be exposed.
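
The log review in item 9, combined with the IP restrictions in item 10 and the file-placement rule in item 8, can be automated. The script below is an added example, not code from the original post; it assumes the web server writes Common Log Format, and the allowlisted networks, file extensions and log lines are constructed placeholders.

```python
import ipaddress
import re

# Assumed values for illustration: replace with your own approved client ranges
# and the file extensions your database product uses.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("10.0.0.0/8")]
SENSITIVE_EXT = (".sqlite", ".mdb", ".db", ".bak")

# Common Log Format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = '''\
192.0.2.15 - - [03/Oct/2024:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.77 - - [03/Oct/2024:10:02:10 +0000] "GET /reports/list.php HTTP/1.1" 200 830
192.0.2.15 - - [03/Oct/2024:10:05:41 +0000] "GET /data/customers.sqlite HTTP/1.1" 200 204800
198.51.100.9 - - [03/Oct/2024:10:07:03 +0000] "GET /backup/site.bak?x=1 HTTP/1.1" 404 312
not a log line
'''

def review(log_text):
    """Return (line number, finding, detail) tuples for entries that need a look."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            # Unparseable lines are reported, not silently skipped.
            findings.append((lineno, "unparsed", line))
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            findings.append((lineno, "bad-ip", m["ip"]))
            continue
        path = m["path"].split("?", 1)[0].lower()
        # Item 10: client address outside the ranges approved in advance.
        if not any(ip in net for net in ALLOWED_NETS):
            findings.append((lineno, "ip-not-allowed", f'{ip} [{m["time"]}] {m["path"]}'))
        # Item 8: a database or backup file was actually served from the web folder.
        if path.endswith(SENSITIVE_EXT) and m["status"].startswith("2"):
            findings.append((lineno, "db-file-served", f'{ip} {m["path"]}'))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep="\t")
```

A "db-file-served" finding from an allowed address still matters: it means a database file sits somewhere the web server will hand it out.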
