Application Object/Data Caching Security

Results 1 to 2 of 2

Thread: Application Object/Data Caching Security

  1. #1
    Joe G Guest

    Default Application Object/Data Caching Security

    Hi,<BR> I am working on a caching system for my companies web site. I will be using the Application Object to store database info instead of having the database hit every time the page is viewed. The information will update every 15 minutes. Are there any security problems with this approach? Can the information be altered in any way by a viewer? I will be storing product information such as prices in the application object. My boss is worried that these values could be altered and I need to prove to him that they cannot.<BR>Thanks.

  2. #2
    Join Date
    Dec 1969

    Default RE: Application Object/Data Caching Security

    Once the information is in memory, it can&#039;t be directly modified even by an administrator - it can only be changed by an ASP script which obtains a lock on the Application object first. So, unless you are allowing people to upload and run their own ASP scripts you should be pretty safe.<BR><BR>If I were to want to modify data in your cache, I would first have to hack myself administative or authoring rights on your server, reverse-engineer your cache by reading the source code, write a script to do the modifcations to the Application object and run it. If I can do that, I can do ANYTHING on your box - it would probably be easier to go straight for the DB than to modify data in the Application object...<BR><BR>Dunc

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts