July 15, 2009 at 6:04 am
Please categorize the list of database security issues for an application.
July 15, 2009 at 7:47 am
What type of application are you using? I mean, is it a web app or GUI-based, like a VB app?
Thanks
Chandra Mohan
July 15, 2009 at 1:47 pm
More detail is definitely needed. In addition to the questions asked:
- How is the app connecting to the database?
- What types of access do end users have?
K. Brian Kelley
@kbriankelley
July 16, 2009 at 6:11 am
My application is a web application,
and
the following are implemented on the database side:
the very least privileges are given to the application for access,
SQL Server is under firewall security,
a separate server is available only for the database.
A backup mechanism is implemented using a job.
Can you please suggest, apart from these,
whether there is anything else to implement?
Thanks
Ramani.
July 16, 2009 at 7:39 am
Your biggest concerns are:
- The web server gets hacked and the database gets exploited (and potentially the SQL Server). The way to reduce this impact is to restrict the permissions the web account is connecting with. Only give it what access it needs. Do not use dbo and certainly do not use a sysadmin server role.
- SQL Injection. However, this isn't something you can handle at the SQL Server layer. It's an input validation issue at the web application layer. You can reduce the chances of this by ensuring the application is coded to check input and using Command objects and Parameters in ADO or ADO.NET.
K. Brian Kelley
@kbriankelley
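As an added example (not part of the original posts), this is one way the ADO.NET Command-and-Parameters advice above can look in C#. The table, column names, parameter size and sample input are assumptions made for illustration; the thread does not describe the application's schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class CustomerLookup
{
    // Hypothetical table and column names; the thread does not describe the schema.
    const string Query =
        "SELECT CustomerId, LastName FROM dbo.Customers " +
        "WHERE LastName = @lastName AND RegionId = @regionId";

    // Builds the command. User input is bound as typed parameters and is
    // never concatenated into the SQL text.
    public static SqlCommand Build(SqlConnection conn, string lastName, string regionText)
    {
        // Input check at the web layer: reject anything that is not an integer.
        int regionId;
        if (!int.TryParse(regionText, out regionId))
            throw new ArgumentException("regionId must be an integer", "regionText");
        if (lastName == null || lastName.Length > 50)
            throw new ArgumentException("lastName is required, max 50 chars", "lastName");

        var cmd = new SqlCommand(Query, conn);
        cmd.CommandType = CommandType.Text;
        // Explicit type and size instead of AddWithValue, so the value is
        // sent as nvarchar(50) data, whatever characters it contains.
        cmd.Parameters.Add("@lastName", SqlDbType.NVarChar, 50).Value = lastName;
        cmd.Parameters.Add("@regionId", SqlDbType.Int).Value = regionId;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: a name with an apostrophe, which breaks
        // string-concatenated SQL but is ordinary data for a parameter.
        using (var conn = new SqlConnection()) // not opened; nothing is sent
        using (var cmd = Build(conn, "O'Brien", "7"))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
        }
    }
}
```

The SQL text printed by `Main` is identical for every input, because the values travel separately as parameters. In a deployed application the connection would be opened with the restricted web account described in the first point.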
July 16, 2009 at 10:37 pm
Thanks, Brian.
Thanks a lot.
Regards,
Ramani.