Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: bacano (bacanoesoterica.pt)
Date: Mon Sep 24 2001 - 14:10:53 CDT
About designing web apps, I would like to put to discution the
implementation on distributed web servers (a tree of several web and
application servers, where the 'visitor' will see only a site). Related with
this, there is the Null Logging Servers, where this can be a server not to
deliver content but to accept log data. Any security (dis)advantages in
using this kind of web design? since a log entry can provide a host name,
cookie value, time and content information, I wonder if there is a kind of
specific attack on a structure like this, or if it is the other way around
and this can improve somehow security since content itself is not provided?
Regarding an audit on this kind of implementation, since there may be
several application servers related somehow, is there any kind of
distributed auditing method for this? does "distributed auditing" make
sense? for example, while app server 1 is 100% ok, problems on app server 2
can compromise app server 1, so an audit must consider also every kind of
relations beetwen both servers.
And regarding the design itself, is there other tools like MS Visio 2000?
anything like it for Linux?
[ ]'s bacano