Security Forums

Database targeting

hnprabhu
Just Arrived

Joined: 06 Dec 2006
Posts: 0
Location: Mumbai, India

Posted: Wed Aug 22, 2007 4:42 pm

How can a legitimate user with limited access rights modify tables in a database?

I do not think this is possible. In my opinion, most of the hacking does not happen through legitimate logins.
Groovicus
Trusted SF Member

Joined: 19 May 2004
Posts: 9
Location: Centerville, South Dakota

Posted: Wed Aug 22, 2007 6:09 pm

Quote:
How can a legitimate user with limited access rights modify tables in a database?


They can't; at least not leaving a trail big enough for prosecution. At any rate, an article I was reading on darknet cites that only 15 of companies interviewed extend best practices to database security. Database security is pretty simple. Allow users only those privileges they need, on only those tables they need, and only in the database they need. As much as is possible, allow users only a controlled vocabulary to access the database. Where it is not possible, sanitize the input. Catch the errors generated by the database so they don't get back to the attacker (this is assuming that the database is being accessed by some viewer). Don't allow command line access from outside the network (if possible). If not, use VPN.

Once an attacker has raw access to the database, they own it, and it is only a matter of time before they get what they need. Doing a mysqldump will give you a flat file representing all of the data in the file. It may be a huge file, but a file can be searched for strings of interest.

I don't think it is so much a question of who attacks the database, but how they are able to get access in the first place.
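An added example (not part of Groovicus's post or any code from the forum) of three points from the post above: a controlled vocabulary of operations, input bound as parameters, and database errors kept away from the caller. It uses Python's sqlite3 with a constructed `orders` table; the operation names and the `run` helper are hypothetical, and per-table privileges, which are granted in the database server itself, are not shown.

```python
import logging
import sqlite3

log = logging.getLogger("dbgate")

# Controlled vocabulary: callers pick a named operation; they never send SQL.
# Operation and table names are constructed for this example.
OPERATIONS = {
    "order_status": ("SELECT status FROM orders WHERE id = ?", (int,)),
    "orders_for": ("SELECT id, status FROM orders WHERE customer = ?", (str,)),
}


def make_db():
    """Build a small constructed database to run the operations against."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, status TEXT)"
    )
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "shipped"), (2, "bob", "pending")],
    )
    return db


def run(db, op, *args):
    """Run one allow-listed operation; return (ok, rows_or_generic_message)."""
    spec = OPERATIONS.get(op)
    if spec is None:
        return False, "unknown operation"
    sql, types = spec
    if len(args) != len(types) or not all(
        isinstance(a, t) for a, t in zip(args, types)
    ):
        return False, "invalid arguments"
    try:
        # Values are bound as parameters, never concatenated into the SQL text.
        return True, db.execute(sql, args).fetchall()
    except sqlite3.Error:
        # Full detail goes to the server log; the caller learns nothing
        # about table names, columns or the SQL dialect.
        log.exception("database error in operation %s", op)
        return False, "request failed"
```
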
All times are GMT + 2 Hours