News & Information

Security on the Web

Open Source Database Management System

There has been some recent news about security issues with the open source database management system (DBMS) PostgreSQL. These issues were mostly, but not entirely, about foreign language support and certain character sets. There were also issues that arose from poor access practices or insufficient controls in web-based applications.

Validation Measures

At Lighthouse Information Systems, we strive to stay on top of all of these issues. PostgreSQL released updates for all of their production lines. We have updated our database and ensured that the hosting companies used by our clients applied the patches or updates to their installations. In addition, it is important to note that our programs and products go to extreme lengths to validate our data and ensure your database security.

Our programs never pass SQL (Structured Query Language) commands directly to the database. Instead, we pass the data needed and then filter that data for cross-scripted hacks and direct SQL access. So your data is safely stored and your system remains secure. We will continue to monitor the progress of PostgreSQL and ensure that we always have the safest and most reliable versions installed.

Further Protection

In addition to the database hacks, there have been recent attempts to expose systems through PHP and other web scripting languages via their use of Extensible Markup Language (XML). PHP and other scripting languages use XML libraries, and some use Remote Procedure Calls. While our programs use XML, they do not rely on XML-RPC, which has been the root cause of the problems. It has been discovered that some of the third-party programs that we have had experience with used this library. Whether or not a system uses those libraries, the libraries have been upgraded to their more secure versions. The programs that use them have either been upgraded to be more secure or been discontinued in favor of a newer, more secure program.

Security Goal

Finally, it is always our goal to stay on top of the security issues that may affect your programs and projects so you don't have to. Our server software is kept up to date and we work with the hosting vendors to ensure the same. We are confident in our ability to protect your systems.

Contact: (p) 410-386-0771 / (f) 410-386-0775 / (w) www.lhinfo.com