Monday, June 26, 2006

winhttp autoproxy service - Security Issue?

When I changed an app to run under a non-Windows-administrator account (as it should have been in the first place, but that was explained two posts ago), someone was somehow trying to start the winhttp autoproxy service about 15 times. The only thing running under this user name was my web app. Therefore I must assume someone has hacked my application somehow and was trying to fire up the service.

I am using JBoss and am about to switch to another platform because I am nervous about so many functions in JBoss that it actually creates a myriad of security holes. Because I have written an optimized application I don't need all that functionality and will opt for a lighter application to serve up the pages.

Aha! you say, but it could be a cross-site scripting attack, and that will affect you no matter what web server you are using. True, but my whole application and all forms run on one underlying form-processing functionality, and all database calls are checked to be SQL safe in this process.

True, I could have missed something, and I already have further enhancements planned, but the less convoluted-ness you have on your system and the fewer "things" running, the less chance there is for a security breach. You just eliminate additional possibilities.

I feel a new post coming on related to system convolusion (is that a word?) ...stay tuned...