  1. #1
    SitePoint Addict Eric1776

    Which is the most secure?

    I'm curious about which web language/database/server option would be the most secure? Possibly to store important medical information?

  2. #2
    Bangarang! Karloff
    Securing publicly accessible websites featuring such sensitive data as medical records is no small issue and has less to do with what web language/database/server option you choose than with the skill of your developers, server admins and the internet data center that will physically host your application.

    Historically, Microsoft has been known to be the black sheep, but that doesn't mean a few PHP 'gurus' or JAVA 'wizards' would do it better only because they are deploying it on a LAMP (Linux, Apache, MySQL, PHP) infrastructure or such.

    Uhm... this is really a pretty tough topic to touch upon in a forum, thus I would dearly recommend you consult appropriate literature or have someone consult in real on the issues you will need to consider.

    Sorry for the lack of help from my side, just thought I might exclaim my honest opinion about this :-P
    Karl

    p.s. Maybe a few people here know some helpful online security resources?

  3. #3
    SitePoint Addict Eric1776
    I'm not actually implementing anything like this. I'm just curious about other opinions on this topic.

  4. #4
    SitePoint Zealot matiefert
    Quote (originally posted by Eric1776):
    I'm not actually implementing anything like this. I'm just curious about other opinions on this topic.

    Since you're in the US, you'd be required to comply with HIPAA standards (which you can Google for).

    cheers,

    Marj

  5. #5
    SitePoint Zealot Wilmot
    I think the key here, as has already been mentioned, is the environment your system is operating within and the way the web application is developed/implemented.

    For example, if you are using ASP on an IIS box, there are a number of bugs in a default installation of IIS that would leave your entire system vulnerable. However, if you have a switched-on administrator, the server should be patched and sufficiently locked down to stop these attacks.

    These initial problems are not just limited to Microsoft, though. Serious security holes have also been found in most operating environments, including PHP, Apache etc.

    In regard to other security issues, many of these are the responsibility of the people designing the system and writing the code. For example, if you provide a non-secure login, anybody could potentially fire up a network sniffer and pluck login details as they go past. This particular problem could have been avoided by implementing some kind of encryption such as SSL/TLS.

    The moral of the story: much of the time it is not what technologies are chosen, but how they are implemented that dictates the security of a system.
    Brad Culbert
    SQL Server 2005 Books
    www.SQLServer2005Books.com - Reader-rated SQL Server 2005 Books

