Wine Technology Blog @ WineWeb.com


 

Website Protection from Hackers

Recently we learned of a wine-related website that had been hacked at a particularly bad time (not that there is a good time to be hacked). While we sympathize with them on the effort required to get their site back up, we were a bit concerned, as their site was running the ColdFusion software like ours. After some research, we're able to rest a bit easier.

The hack was a cross-site scripting attack, where someone adds malicious database code to a URL or a web form field. If the web program that processes the data expects an ID field with which to access the database, doesn't validate that it's just an ID, and passes the entire field to the database access routine, then bad things can happen. Luckily, our websites have several layers of protection to keep this from happening to us.
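The unvalidated ID field described above, with database code passed straight through to the query (the pattern usually called SQL injection), is shown here as an added example that is not code from this blog or its websites. Python with an in-memory SQLite table stands in for the ColdFusion page and its database; the table, the function names and the sample field value are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: a tiny in-memory wine catalogue."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wines (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO wines VALUES (?, ?)",
                   [(1, "Zinfandel"), (2, "Merlot"), (3, "Syrah")])
    return db

def lookup_unsafe(db, raw_id):
    # Vulnerable: the whole field is pasted into the SQL text, so anything
    # that follows the digits is executed as part of the query.
    return db.execute("SELECT name FROM wines WHERE id = " + raw_id).fetchall()

def parse_id(raw_id):
    # Layer 1: accept only a short run of ASCII digits, nothing else.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a positive integer")
    return int(raw_id)

def lookup_safe(db, raw_id):
    # Layer 2: bind the value as a parameter so it can never become SQL text,
    # even if the validation above is later weakened or bypassed.
    return db.execute("SELECT name FROM wines WHERE id = ?",
                      (parse_id(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    field = "1 OR 1=1"  # constructed URL/form value: an ID plus extra SQL
    print("unsafe:", lookup_unsafe(db, field))  # every row comes back
    try:
        lookup_safe(db, field)
    except ValueError as err:
        print("safe:  rejected,", err)
    print("safe:  ", lookup_safe(db, "2"))      # a plain ID still works
```

Either layer alone stops this input; keeping both means a mistake in one does not expose the database.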

We've noticed lately an increase in the frequency and sophistication of attempted attacks on our websites, but have considered them an annoyance to our schedule, as we typically alert the hacker's ISP of the attempted hack. Good programming practices and keeping up to date on server software are always a good defense.
