|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Cryptocard database
From: Noel Rosenberg (noel
thesubnet.net)
Date: Fri Feb 18 2005 - 17:04:56 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 16 Feb 2005, John Madden wrote:
| Doing an internal pen-test for a company i came across
| a mysql db that contains the Cryptocard tokens
| database (root with no password)
Not only should the mysql be secured, it shouldn't even be accessable from
off the machine that needs to query the database.
IIRC, cadmind actually wanted to talk via the network port only, so we
allow networking for mysql, then firewall off 3306 to only allow
connections from the local system.
-Noel
---Noel Rosenberg
---noelthesubnet.net
---Sleep Vampire
---"One does not win a mud-slinging fest by getting into the mud;
--- The pigs have the home field advantage."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]