May 23, 2008 at 3:49 am
Hi All,
Today I restored the database in the morning, and now I am once again facing an SQL injection attack. He/she has found the loophole in the application.
I would like to know who has done it, or from which system the database is getting corrupted. How can I identify these things? Please answer in brief, as I am learning these things.
May 23, 2008 at 4:06 am
Profiler may help you locate where the hacks are coming from. It depends how your app is set up.
Do you have any logging implemented in the application?
Ultimately, the only real way you're going to prevent this is to fix the application. Only parameterised stored procedure calls to the DB. No concatenation of code.
The user that the app uses should have minimum permissions (not sa!), with just exec rights on the procs.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
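The two points in the reply above, concatenation versus parameterised procedure calls and a least-privilege application login, shown side by side in T-SQL. This is an added example, not code from the thread or from the poster's application; the table, procedure and login names are hypothetical, and it should be run in a scratch database on a test instance.

```sql
-- Added example (not from the thread). Hypothetical table, procedures and login names;
-- run it in a scratch database on a test instance, not in production.
CREATE TABLE dbo.Products (
    ProductId INT IDENTITY(1,1) PRIMARY KEY,
    Name      NVARCHAR(100) NOT NULL,
    Price     MONEY NOT NULL
);
INSERT INTO dbo.Products (Name, Price) VALUES (N'Widget', 9.99);
INSERT INTO dbo.Products (Name, Price) VALUES (N'Gadget', 19.99);
GO

-- VULNERABLE: the caller's text is glued into the statement, so it runs as code.
-- This is the same defect as EXEC(...) built from web-form input in the application.
CREATE PROCEDURE dbo.SearchProducts_Unsafe @Term NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX);
    SET @sql = N'SELECT ProductId, Name, Price FROM dbo.Products '
             + N'WHERE Name LIKE N''%' + @Term + N'%''';
    EXEC (@sql);
END
GO

-- FIXED: @Term is bound as data through sp_executesql, so the statement text is
-- constant. Where dynamic SQL is genuinely needed (a caller-chosen sort column),
-- the identifier is checked against an allow-list and wrapped in QUOTENAME.
CREATE PROCEDURE dbo.SearchProducts @Term NVARCHAR(100), @SortBy SYSNAME = N'Name'
AS
BEGIN
    SET NOCOUNT ON;
    IF @SortBy NOT IN (N'Name', N'Price')
        SET @SortBy = N'Name';            -- never trust identifiers from the caller either
    DECLARE @sql NVARCHAR(MAX);
    SET @sql = N'SELECT ProductId, Name, Price FROM dbo.Products '
             + N'WHERE Name LIKE N''%'' + @Term + N''%'' '
             + N'ORDER BY ' + QUOTENAME(@SortBy);
    EXEC sp_executesql @sql, N'@Term NVARCHAR(100)', @Term = @Term;
END
GO

-- The classic payload: close the quote, append a statement, comment out the rest.
DECLARE @payload NVARCHAR(100);
SET @payload = N''';UPDATE dbo.Products SET Name = N''defaced'';--';

EXEC dbo.SearchProducts_Unsafe @Term = @payload;   -- the UPDATE runs: every Name is now 'defaced'
SELECT Name FROM dbo.Products;

-- Reset and send the same payload to the fixed procedure.
UPDATE dbo.Products SET Name = N'Widget' WHERE ProductId = 1;
UPDATE dbo.Products SET Name = N'Gadget' WHERE ProductId = 2;
EXEC dbo.SearchProducts @Term = @payload;          -- matches nothing; the table is untouched
SELECT Name FROM dbo.Products;
GO

-- Least privilege for the application's login: EXECUTE on the procs and nothing
-- else, so a successful injection could only do what the procedures already do.
CREATE LOGIN WebAppLogin WITH PASSWORD = N'Replace-With-A-Str0ng-Password!';
CREATE USER WebAppUser FOR LOGIN WebAppLogin;
GRANT EXECUTE ON dbo.SearchProducts TO WebAppUser;
-- No SELECT/INSERT/UPDATE on the tables, no db_owner, and never sysadmin/sa.

-- Check the effective rights from the application's point of view.
EXECUTE AS USER = N'WebAppUser';
SELECT permission_name FROM fn_my_permissions(N'dbo.SearchProducts', N'OBJECT'); -- EXECUTE only
SELECT permission_name FROM fn_my_permissions(N'dbo.Products', N'OBJECT');       -- no rows
REVERT;
GO
```

Note that concatenating a value inside the parameterised statement (`N'%' + @Term + N'%'`) is harmless: it happens at execution time as string arithmetic on data, never as a change to the SQL that is parsed. The application side should then call `dbo.SearchProducts` with a typed parameter object, never by building an `EXEC ... 'text'` string itself.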
May 23, 2008 at 4:10 am
Yes, SQL Profiler will help you find the users who are connected to your server. Can you please tell me if your application is using the standard SQL Server port?
Basit Ali Farooq
MCITP Database Administrator
Microsoft Certified Professional Developer (Web Applications)
Microsoft Certified Database Administrator
Microsoft Certified Systems Engineer
Microsoft Certified Systems Administrator
CIW Security Analyst
Cisco Certified Network Associate
May 23, 2008 at 4:51 am
Hi, I know how to connect to Profiler, and after that I can see the database details and also the queries which are running, but how can I find who has done it? Please explain in detail.
May 23, 2008 at 6:35 am
When you set up the trace, switch over to the Events Selection tab and ensure that the NTUserName and LoginName columns are coming back.
If you just set up a trace using the Standard template, you should have all that you need.
Think great, be great!
May 23, 2008 at 6:42 am
bbop1322 (5/23/2008)
When you set up the trace, switch over to the Events Selection tab and ensure that the NTUserName and LoginName columns are coming back.
Providing the app's not using a single login to connect to SQL. If it is, you may need to add some logging into the application to trace the source.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
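The same trace as a server-side trace rather than the Profiler GUI, capturing the NTUserName and LoginName columns suggested above plus HostName and ApplicationName, and then a query over the trace file for the injection patterns of the day. This is an added example, not anything posted in the thread; the trace path, the database name `WebShopDb` and the pattern list are assumptions to adjust for your server. The event and column numbers are the documented `sp_trace_setevent` identifiers.

```sql
-- Added example (not from the thread). Trace file path, database name and the
-- pattern list are assumptions; adjust them to your server.
DECLARE @traceid INT, @rc INT, @on BIT;
SET @on = 1;

-- Roll over into 50 MB files under C:\Traces (the .trc extension is appended).
EXEC @rc = sp_trace_create @traceid OUTPUT, 2, N'C:\Traces\sqli_hunt', 50, NULL;
IF @rc <> 0 RAISERROR(N'sp_trace_create failed with code %d', 16, 1, @rc);

-- Events: 10 = RPC:Completed, 12 = SQL:BatchCompleted.
-- Columns: 1 TextData, 6 NTUserName, 8 HostName, 10 ApplicationName,
--          11 LoginName, 12 SPID, 14 StartTime, 35 DatabaseName.
DECLARE @cols TABLE (id INT);
INSERT INTO @cols (id) VALUES (1);
INSERT INTO @cols (id) VALUES (6);
INSERT INTO @cols (id) VALUES (8);
INSERT INTO @cols (id) VALUES (10);
INSERT INTO @cols (id) VALUES (11);
INSERT INTO @cols (id) VALUES (12);
INSERT INTO @cols (id) VALUES (14);
INSERT INTO @cols (id) VALUES (35);

DECLARE @ev INT, @col INT;
SET @ev = 10;
WHILE @ev IS NOT NULL
BEGIN
    SET @col = 0;
    WHILE 1 = 1
    BEGIN
        SELECT @col = MIN(id) FROM @cols WHERE id > @col;
        IF @col IS NULL BREAK;
        EXEC sp_trace_setevent @traceid, @ev, @col, @on;
    END
    SET @ev = CASE @ev WHEN 10 THEN 12 ELSE NULL END;
END

-- Filters: only the application's database (35 = DatabaseName, 6 = LIKE), and
-- drop Profiler's own traffic (10 = ApplicationName, 7 = NOT LIKE).
EXEC sp_trace_setfilter @traceid, 35, 0, 6, N'WebShopDb';
EXEC sp_trace_setfilter @traceid, 10, 0, 7, N'SQL Server Profiler%';

EXEC sp_trace_setstatus @traceid, 1;   -- start
SELECT @traceid AS TraceId;            -- keep this: status 0 stops the trace, status 2 closes it
GO

-- Read the trace back (DEFAULT follows the rollover files) and pull out batches that
-- look like the injections of the period: hex-encoded DECLARE/CAST(0x...)/EXEC loaders,
-- comment-terminated statements, catalogue walks and xp_cmdshell from the web login.
SELECT StartTime, SPID, LoginName, NTUserName, HostName, ApplicationName, DatabaseName,
       CAST(TextData AS NVARCHAR(4000)) AS Batch
FROM fn_trace_gettable(N'C:\Traces\sqli_hunt.trc', DEFAULT)
WHERE EventClass IN (10, 12)
  AND (   CAST(TextData AS NVARCHAR(MAX)) LIKE N'%CAST(0x%'
       OR CAST(TextData AS NVARCHAR(MAX)) LIKE N'%DECLARE @%EXEC(%'
       OR CAST(TextData AS NVARCHAR(MAX)) LIKE N'%;--%'
       OR CAST(TextData AS NVARCHAR(MAX)) LIKE N'%xp_cmdshell%'
       OR CAST(TextData AS NVARCHAR(MAX)) LIKE N'%sysobjects%')
ORDER BY StartTime;
```

Two caveats when reading the result. NTUserName is empty for SQL Server logins, so it only identifies a person when the application connects with Windows authentication. And when the application uses one shared login, LoginName, HostName and ApplicationName all point at the web server rather than at whoever sent the request; StartTime and SPID then have to be matched against the web server's own request logs (with the client IP and the query string) to get to the source, which is the application-side logging Gail describes.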
May 24, 2008 at 8:57 am
Hi Gail and Others,
I have done the same thing. Previously I was using a single login for the application and the admin page as well. Now I have restricted the original login to select privileges and I have created another login for admin.
I just checked the database and it is running perfectly now, so I think it was a user who was making us worry, and it was not from the admin side.
Thanks for your support; really, I am getting good knowledge.
Thanks,
Syed Sanaullah Khadri
DBA