« December 2009 | Main | February 2010 »

January 2010

January 30, 2010

Is your web server an all inclusive resort?

The Apache web server is a versatile product with lots of options to configure and support a wide variety of web applications.  It can act as a proxy server, directly run applications such as Perl and PHP, front-end a Java application server, or just serve up content.

This reminds me of the all inclusive resorts like Club Med.  All the activities, food, and drink are available in one place.  However, even these resorts modify their model to appeal to specific clientele.  The resort locations and activities are designed to fit the groups they cater to.  You can go to a resort that is setup for families, for couples, or for singles.  While the overall experience is consistent with the resort's philosophy, the activities available at individual clubs can vary widely.

When you are configuring the web server to support applications are you setting the options to cater to your clientele?  This can improve the overall security and performance of your site.

Continue reading "Is your web server an all inclusive resort?" »

Posted by Brian Mulreany on January 30, 2010 at 08:17 AM in Apache, Security Architecture, Web/Tech | | Comments (1) | TrackBack (0)

| | | |

January 24, 2010

Keep a tight lid on HTTP headers

The web server is a common infrastructure component supporting a wide range of applications.  If you manage the web server, then you are the community manager, and you have a responsibility to maintain the reputation of the community.

The weather has been very windy lately.  Some people in the neighborhood put out their garbage and don't put a tight lid on the trash can.  Of course, the trash blows down the street and into other yards.  Now a few of the people in the neighborhood do not see this as a big problem.  After all their yard looks fine, and their trash is gone.  The president of the homeowners association has been sending out emails to remind people to put a tight lid on their trash cans.

Software vendors or application providers sometimes have the same attitude when you report a cross site scripting or HTTP response splitting issue.  The reaction seems to be "How does this affect me"?

Continue reading "Keep a tight lid on HTTP headers" »

Posted by Brian Mulreany on January 24, 2010 at 11:47 AM in Security Architecture, Web/Tech | | Comments (0) | TrackBack (0)

| | | |

January 17, 2010

Oracle Announces Cumulative CPU Patches for E-Business Suite 11i

With the release of the Critcal Patch Update for January 1020 Oracle has made E-Business Suite 11i patches cumulative. While Release 12 customers have had this capability, this is a welcome relief for 11i customers, making it much easier for them to stay patched current.

The prerequisites are minimal. You need to be at least at version 11.5.10 CU2 ATG RUP 6, but this is no more strict a requirement than previous (non-cumulative) CPU's.

There are also potentially a few prerequisite and post installation patches depending on the products you have enabled but these are also limited in number.

Overall, we are very pleased with this announcement. The only folks this is not sure to please are those that were using this as their last lame excuse for not applying E-Business Suite CPUs. 


Posted by Kevin Sheehan on January 17, 2010 at 12:17 PM in Oracle CPUs, Oracle E-Business Suite | | Comments (0) | TrackBack (0)

| | | |

January 10, 2010

Checking out Oracle OHS Apache 11.1.1.2

Taking a tour of the latest Oracle HTTP Server (OHS) 11.1.1.2 release from a security perspective.  This uses a simple red, yellow, green scale to assess how that configuration item was addressed in this release.

Continue reading "Checking out Oracle OHS Apache 11.1.1.2" »

Posted by Brian Mulreany on January 10, 2010 at 08:00 PM in Apache, Security Architecture, Web/Tech | | Comments (0) | TrackBack (0)

| | | |

Categories

Archives

More...

Trusted Products

Trusted Resources

  • Alexander Kornbrust
    Founder, Red-Database-Security GmbH
  • David Knox
    Author of "Effective Oracle Database 10g Security by Design"
  • David Litchfield
    Co-Author of "Database Hacker's Handbook" and Author of "Oracle Hacker's Handbook"
  • Pete Finnigan
    Founder of PeteFinnigin.com Limited and author of "Oracle Security Step by Step".
  • Randy Giefer
    Founder of Solution Beacon, LLC, Co-Author of "Installing, Upgrading and Maintaining Oracle E-Business Suite Applications Release 11.5.10+"
  • Stephen Kost
    Founder and Chief Technology Officer at Integrigy Corporation
Kevin Sheehan
Kevin Sheehan
Add me to your TypePad People list
Subscribe to this blog's feed