Any application that passes user-supplied data into database queries is a potential target for SQL injection. A database administrator probably cannot completely prevent SQL injection attacks against the database server, but administrators and application developers can take a number of steps to keep the impact of such attacks to a minimum.
What can the database administrator do?
Do not put the database and the web server on the same machine.
Use a firewall or non-routable IP addresses to prevent Internet access to the database. Once this is configured, packets from the database server cannot be forwarded to the Internet. Add a route on the web server so that it can still reach the database server.
Configure trusted IP address filtering and access control (for example with IPsec) so that only specific machines can communicate with the database server.
Remove all sample scripts and sample applications from the database server.
Use a dedicated low-privilege account for each application's database connection. Do not use sa, dba or admin.
Do not allow users or applications to access database tables directly. Access to the database must go through an application role with restricted privileges. If the application only needs read access, restrict its database access to read-only.
Remove unused stored procedures from the production database.
Grant users access only to the stored procedures created for the application.
Do not grant the application any permission to run operating system commands or system stored procedures.
What can application designers do?
Programmers bear an important responsibility for safeguarding web application security. Strengthening security review during the design and coding stages is the key to stopping vulnerabilities in the program. Roughly speaking, program designers should implement at least the following measures:
Define the specific, generic error messages that the application should produce. During a SQL injection attack, the attacker can obtain valuable information, such as table and column names, from the database's default error messages.
Validate user input before passing it to the database. Accept only the input that is expected, and limit its length. Note that, wherever possible, all user input should be checked against a whitelist. An application-layer firewall can be used to inspect all input and accept only input that meets the rules.
During development, use web application scanning tools to discover vulnerabilities in the code.
Isolate the web application from the SQL database, and keep all the SQL the application requests on the database server.
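The following Python example, added here and not part of the original article, shows the two developer measures above working together: a whitelist check with a length limit applied before any input reaches the database, and a generic error message returned to the caller while the detailed database error is written only to a server-side log. The table, the sample rows, the username policy (letters, digits and underscore, 3 to 20 characters) and the helper names are constructed for the example; the query itself is parameterized, which is the idiomatic way to send values to sqlite3 and is an assumption beyond what the article states.

```python
import re
import sqlite3

# Constructed policy: a username may contain only letters, digits and
# underscore and must be 3 to 20 characters long. Anything else is rejected
# before it gets near the database (whitelist checking, as the article advises).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")
MAX_INPUT_LEN = 20

# The only message a caller ever sees on failure. The real cause is logged
# server-side so that default database errors (table and column names,
# SQL syntax details) are never shown to the user.
GENERIC_ERROR = "The request could not be processed."


def validate_username(value) -> bool:
    """Whitelist check: accept only the expected character set and length."""
    if not isinstance(value, str) or len(value) > MAX_INPUT_LEN:
        return False
    return USERNAME_RE.fullmatch(value) is not None


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory database with one table, for this example only."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    conn.commit()
    return conn


def build_empty_db() -> sqlite3.Connection:
    """Connection with no tables at all, used to exercise the database-error path."""
    return sqlite3.connect(":memory:")


def lookup_email(conn, username, server_log):
    """Return (ok, message).

    Invalid input is rejected before any query is built, and a database
    error is caught and logged; in both cases the caller only gets the
    generic message. On success the e-mail address (or None if the user
    does not exist) is returned.
    """
    if not validate_username(username):
        # Log the rejected value for the operators, not for the user.
        server_log.append("rejected input: %r" % (username,))
        return False, GENERIC_ERROR
    try:
        # Parameterized query (assumption: standard sqlite3 placeholder syntax).
        row = conn.execute(
            "SELECT email FROM users WHERE username = ?", (username,)
        ).fetchone()
    except sqlite3.Error as exc:
        # The raw driver message (e.g. "no such table: users") stays in the log.
        server_log.append("database error: %s" % exc)
        return False, GENERIC_ERROR
    return True, (row[0] if row else None)


if __name__ == "__main__":
    db = build_demo_db()
    log = []
    print(lookup_email(db, "alice", log))
    print(lookup_email(db, "alice' OR 1=1", log))
    print(lookup_email(build_empty_db(), "alice", log))
    print("server log:", log)
```

Running the block prints the e-mail address for a valid name, the generic message for the malformed input and for the database error, and then the server log, which is the only place where the rejected value and the driver's own error text appear.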