All Questions
Tagged with databases sql-server
29 questions
1 vote, 0 answers, 296 views
How should SQL Server users be managed for a multi-tenant application?
I've looked extensively for a duplicate question, but I couldn't find anything that answers this question exactly.
I have a SQL Server that will be used to store data for a multi-tenant application. ...
1 vote, 2 answers, 588 views
Weird entry in SQL Server database, is this a result of SQL Injection?
I stumbled upon a case where several database entries were updated. And the update is rather unusual.
For example if I have an entry named:
Watermelon
The updated version is:
Watermelon<IMG SRC=&...
5 votes, 1 answer, 604 views
Giving different passwords to the app servers to access the same database. Pros and Cons?
Let's say we have
one db server.
three app servers with full database access.
Which scenario is the best?
Each app server connects to that one database with different passwords.
Example: app srv 1 ...
1 vote, 0 answers, 156 views
Does TDE not protect against disk theft?
I read the following on Microsoft's site. Can someone please clarify -
"With TDE, is the data stored in my data, log, and backup files protected from a disk theft?"
Yes, but only if the files ...
0 votes, 2 answers, 215 views
Does choice of DBMS matter for protection against XSS and other injection attacks?
I am choosing between the three most used databases, MySQL, Microsoft SQL Server and MongoDB. I have to choose the most secure database from these three.
Does my choice of DBMS have a role in ...
-1 votes, 1 answer, 380 views
Attempting SQLi against website with WAF filter [closed]
I was pentesting a website when I discovered that the URL included the id parameter. Because of this, I knew that the id parameter might be vulnerable to SQLi. I received a 200 response and found no ...
0 votes, 1 answer, 844 views
Database logs have multiple "Logon Login failed for user" from different IPs
Background: I have an SQL Server database running on Amazon RDS
The AWS dashboard has a section for logs and whenever I check the logs I see the following:
2018-04-27 06:10:26.00 Logon Error: 18456,...
2 votes, 1 answer, 206 views
SQL Security Questions
The CISO of my company is currently away and as IT manager I have been asked to send some security questions to a company hoping to implement an SQL database to manage salaries, orders etc.
I have ...
2 votes, 1 answer, 584 views
Why Microsoft claims that SQL Server is the least vulnerable database? [closed]
Microsoft claims on their official site that “SQL Server is the least vulnerable database for six years running in the NIST vulnerabilities database”. I reviewed the NIST web site, but I can’t find a ...
2 votes, 1 answer, 1k views
How can MS Access work with an encrypted field in a Linked SQL Server table?
I have an MS Access .accdb file that acts as a front-end to a SQL Server database. There is a table that holds SSNs in plain text. We want to encrypt those SSNs in the table so that the user can ...
-4 votes, 1 answer, 472 views
Safest SQL database [closed]
I am going to run a Tor Hidden Service on a Linux server. My site will have an SQL database. This DB contains user login, and a few other basic details.
If it makes a difference depending on the ...
1 vote, 1 answer, 2k views
Store SHA256 in sql-server
I need to develop a payment gateway and I've just realized I need to store an HMAC_SHA256_V1 key for authentication operations. The way that this is done is: the browser calls a WCF service that ...
1 vote, 3 answers, 183 views
Securing online SQL database and server [closed]
I am trying to build a big project but lack knowledge of server and SQL security. So, please help me by telling me what necessary steps I should take.
Block all remote access: I have heard that ...
18 votes, 5 answers, 7k views
Is sending plaintext passwords to a SQL Server database a security risk?
I have a database which has stored procedures which take plaintext passwords. It hashes them and inserts them into the DB.
If an attacker has access to the DB connection, it is possible to intercept ...
3 votes, 1 answer, 1k views
How to sniff [possibly encrypted] TDS protocol data from the host the client application is installed on?
Let's say there is a .NET application on a Windows 7 host where I have administrator access rights.
The application works with a remote MS-SQL server which I don't control, it also seems that the ...