Database Security and Issues

  • Please categorize the list of database security issues for an application.

  • What type of application are you using? I mean, is it a web app or GUI-based, like a VB app?

    Thanks
    Chandra Mohan

  • More detail is definitely needed. In addition to the questions asked:

    - How is the app connecting to the database?

    - What types of access do end users have?

    K. Brian Kelley
    @kbriankelley

  • My application is a Web application.

    and,

    the following are implemented in the database side:

    the very least privileges are given for access by the application,

    SQL Server is under firewall security,

    a separate server is available only for database.

    Backup mechanism is implemented using job.

    Can you please suggest, apart from these,

    is there anything else to implement?

    Thanks

    Ramani.

  • Your biggest concerns are:

    - The web server gets hacked and the database gets exploited (and potentially the SQL Server). The way to reduce this impact is to restrict the permissions the web account is connecting with. Only give it what access it needs. Do not use dbo and certainly do not use a sysadmin server role.

    - SQL Injection. However, this isn't something you can handle at the SQL Server layer. It's an input validation issue at the web application layer. You can reduce the chances of this by ensuring the application is coded to check input and using Command objects and Parameters in ADO or ADO.NET.

    K. Brian Kelley
    @kbriankelley
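
An added example, not part of the original thread: the Command-object-and-Parameters approach from the post above in ADO.NET, shown beside the concatenated form it replaces. The table, column and class names are assumptions made up for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // built into .NET Framework; a NuGet package on newer .NET

static class CustomerLookup
{
    // Hypothetical table and column names, used for illustration only.
    const string Query =
        "SELECT CustomerId, Name FROM dbo.Customers WHERE Name = @name";

    // Anti-pattern, shown for contrast: input becomes part of the SQL text.
    public static string ConcatenatedSql(string name)
    {
        return "SELECT CustomerId, Name FROM dbo.Customers WHERE Name = '" + name + "'";
    }

    // Input check at the web layer: reject values the field can never hold.
    public static bool IsValidName(string input)
    {
        return !string.IsNullOrWhiteSpace(input) && input.Length <= 100;
    }

    // The SQL text is a constant; user input travels only as a typed parameter,
    // so the server never parses it as part of the statement.
    public static SqlCommand BuildLookup(string customerName)
    {
        if (!IsValidName(customerName))
            throw new ArgumentException("Invalid customer name.", nameof(customerName));

        var cmd = new SqlCommand(Query) { CommandType = CommandType.Text };
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = customerName;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input containing quote characters.
        string input = "O'Brien' OR '1'='1";
        Console.WriteLine(ConcatenatedSql(input));            // statement text altered by input
        using (SqlCommand cmd = BuildLookup(input))
        {
            Console.WriteLine(cmd.CommandText);               // statement text unchanged
            Console.WriteLine(cmd.Parameters["@name"].Value); // input carried as data only
            // To execute: assign cmd.Connection an open SqlConnection whose login is
            // a restricted account (not dbo, not sysadmin), then call ExecuteReader().
        }
    }
}
```

The sample input passes the length check, which is why the check is paired with parameters rather than relied on alone.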

  • Thanks Brian.

    Thanks a lot.

    Regards,

    Ramani.
