Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Two-Headed Hard Drive Intended To Secure Web Sites

Posted by timothy on from the or-serve-from-a-dreamcast dept.

dlur writes: "This article states that Scarabs (In Japanese), a Japanese company, is developing a hard drive with two heads, one read-only and another that is read/write. With this comes two cables, the read-only side going to the external web server, and the r/w cable going to an internal protected server. While this should make it quite a bit tougher for script kiddies to place their mark on a page, I doubt it will stop any real hackers from getting to a site's DB as that would still need to be r/w."

2 of 354 comments (clear)

  1. Re:Hey before you go out and buy one by doughnuthole · · Score: 5, Informative

    Or you could put a switch on IDE pin 23, the write line. Flipping the switch to disconnect the line would prevent any data from being written, while still having the higher speeds and lower seek times of a hard drive.

    It would be simple to just flip the switch, modify your files and then switch it back when you are done so no changes can be made later.

    Even better, put it on an electronic keyswitch mounted on the front of the box, and you have an effective security system for things like demo stations and kiosks.

  2. good for dumb MBAs / VC and idiot security staff by noahbagels · · Score: 5, Informative

    Great.

    Now, we have to explain one more thing to VCs and MBAs. All they know is there is this thing called a website that exists on a thing called a webserver.

    Hasn't anyone on /. ever taken a security class?
    Has anyone on /. ever worked in on security projects and/or audits?

    Let me break it down for the rest of you:
    This ads exactly zero extra security for a well-run website. Most well-run sites already have seperately firewall'd http-webservers and database machines. Some well-run sites have the application server on yet a third firewall'd network (or vlan etc).

    Any place worth 5cents will not have valued data sitting on an httpd server!

    This is really Ooooga-Boooga in a nutshell for VCs and MBAs trying to make a buck on security-scared VCs and MBAs running other companies.

    I don't buy it.
    Secure your site properly - as one other poster mentioned, for the less-funded (read: cheap/poor/startup/blah) company/service you can simply mount a CD-R with your site's static content on it. Even JSPs can live on a CDr (as long as they're precompiled into servlets, or there's a scratch disk for the JSP-container to compile them).