Le vendredi 01 juillet 2005 à 15:34 -0400, R. DuFresne a écrit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > considering the history of php, and many php applications and their > bi-weekly appearance in the various sec lists for newly discovered vulns, > how afe is this application and would one want to place it on or near > their main security device? This application exists since some years now and we have proceed to some code audits and have carefully checked user entries to avoid SQL injection or other problems. The other point is that this application has not to be available for evryone has it contains private information. Thus, it can be protected from "bad people" by authentication or other mean. To be simple, access has to be restricted to admins. An other point is that permissions on the MySQL database should and can be carefully set to have only read-only permission on the table containing the ulogd/NuFW logs. This restricted permissions can assure that the logged datas can not be corrupted. Futhermore, in the case of an Ulogd installation, the logged packets can be duplicated in syslog, thus any hypothetic datas corruption is armless. Finally, as ulogd can log on a database running on a separate host, your firewall is safe as there is no server running on it. BR, -- Eric Leblond <eric@xxxxxx>
