Seen This?

  • Just curious as to reactions from this item that came to me today in a Red Gate e-mail newsletter:

    http://www.red-gate.com/sql/more/backup_opened_with_notepad.htm

    If you open system db backups you can also see user names in clear text. Not good.

    My hovercraft is full of eels.

  • That would be another major Whoops...

    Can we delete this file without breaking the system?

  • Even bigger whoops for Simon Galbraith whoever he is - "married with mistress" ?!?! Now what's that all about ?! AND his Amex# as well ?!

    sswords - why do you say system db backup ?! Seems like a user db to me..."PersonalInfo"???

    **ASCII stupid question, get a stupid ANSI !!!**

  • Simon is the marketing director at Red Gate. I am sure it is just a joke but it does prove a point.

    If you run any native SQL backup, the backup files from the system or user databases are not encrypted or password protected. Worse yet, they can be opened with a simple text editor. Not a tough hack but a major security hole from MS in my opinion.

    That is why I zip the backup files with password protection shortly after the backups are completed. I also know that Red Gate has a program called SQL Backup that does compression and encryption of your backup files.

    SJ
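
The check described in the post above, as an added example that is not part of the original thread: before a backup file leaves the server, scan it for known canary values in both single-byte (`varchar`) and UTF-16LE (`nvarchar`) form. The canary names, the function names and the byte blob in `demo()` are constructed for illustration; the blob is not a real backup file, and canaries are assumed to be ASCII.

```python
import os
import tempfile

def encodings_of(canary):
    """varchar data is stored single-byte, nvarchar data as UTF-16LE."""
    return {"varchar (single-byte)": canary.encode("ascii"),
            "nvarchar (UTF-16LE)": canary.encode("utf-16-le")}

def find_cleartext(path, canaries, chunk_size=1 << 20):
    """Return {canary: [(encoding, file_offset), ...]} for canaries readable in the file."""
    patterns = [(c, label, needle)
                for c in canaries for label, needle in encodings_of(c).items()]
    if not patterns:
        return {}
    # Carry enough bytes between chunks to catch a match split across a boundary.
    overlap = max(len(needle) for _, _, needle in patterns) - 1
    hits, tail, base = {}, b"", 0   # base = file offset of buf[0]
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            buf = tail + chunk
            for canary, label, needle in patterns:
                pos = buf.find(needle)
                while pos != -1:
                    hits.setdefault(canary, set()).add((label, base + pos))
                    pos = buf.find(needle, pos + 1)
            tail = buf[-overlap:] if overlap else b""
            base += len(buf) - len(tail)
    return {c: sorted(found) for c, found in hits.items()}

def demo():
    # Constructed sample: filler bytes around one UTF-16LE and one ASCII canary.
    blob = (b"\x00" * 37 + "sa_audit_login".encode("utf-16-le")
            + b"\xff" * 11 + b"CANARY-4111-TEST" + b"\x00" * 5)
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(blob)
    try:
        # Tiny chunk size forces matches to straddle chunk boundaries.
        return find_cleartext(tmp.name,
                              ["sa_audit_login", "CANARY-4111-TEST", "not_present"],
                              chunk_size=16)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print(demo())
```

Any hit means the file is readable as-is; no hits does not prove encryption, since compression alone also hides strings from a scan like this.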

  • I saw this at a demonstration by DB Associates (now Imceda) years ago. It's one of the reasons all the backup products include encryption capabilities.

  • I know...I got a kick out of 'married with mistress' as well. Who on earth would put that on a credit application or purchase? But it did help to make his point.

    The reason that I mentioned the system db's was that it's not only the user databases that you need to be concerned about, as sensitive info can be obtained from any db backup. If an intruder can get valid user names, they're well on the way to being able to launch a brute force attack.

    My hovercraft is full of eels.

  • Point taken about the system db explanation!!

    Re: "Who on earth would put that on a credit application or purchase?" - obviously a married man with a mistress...there can't be a more "desperate" cause for a credit application...he'd immediately get it approved on sympathy (read: empathy) votes alone...from all the "male application processors" ie....

    ps: apologies about making the gender divide again, but I couldn't resist throwing that in...<:-)

    **ASCII stupid question, get a stupid ANSI !!!**

  • And you're the one asking others to stop doing that???

  • Now, now you two.  Don't make me stop the car.   

    My hovercraft is full of eels.

  • Nice car... goes from Japan to Canada widthwise???

    how big is the tank?

  • Don't stop the car yet...this is toooo much fun!

    sswords - Remi always rises to the bait...it's so much fun casting...

    **ASCII stupid question, get a stupid ANSI !!!**

  • arhem, WE always rise to the bait dear.

  • And you have to admit (in all fairness)...that one NEVER comes across "married with 'master'"....right ?!?! <;-)

    **ASCII stupid question, get a stupid ANSI !!!**

  • Gay marriage is being legalised as we speak... so it shouldn't be long.

  • How typical of your gender Remi!!! (YOU said it this time, not I....)

    Gay marriages...off we go at a tangent again...don't throw too many variables in!

    **ASCII stupid question, get a stupid ANSI !!!**

Viewing 15 posts - 1 through 15 (of 65 total)