 Post subject: Database and encrypt
PostPosted: Tue Apr 19, 2005 7:12 am 

Joined: Tue Feb 15, 2005 1:34 pm
Posts: 71
Hello

If a hacker finds the IP of the SQL server, how do I prevent that hacker from reading and browsing data from that database?

(as select * from mTable where AFileld<value )



If I encrypt data,then how to run SQL query about encrypted data?

like:

(as select * from mTable where AFileld<value )




Of course, I don't want to use the functions that exist in SQL to encode and decode.
(For more security, because if someone finds the sa password, then he can reach anything.)


 Post subject:
PostPosted: Tue Apr 19, 2005 5:45 pm 

Joined: Sun May 02, 2004 11:34 pm
Posts: 6610
Location: toronto, canada
This is as much a network and administration question as it is a web question. In reality, your db server should be on a separate machine within your network with an internal network address. It should not be exposed to the outside world for people to sniff around.

On the admin side, you should change the sa password and even the user name to something complex and not easily guessed (no true words, use mixed case and non-alphanumeric characters). Implement login triggers to limit the number of times a particular IP can attempt to access the server. Connections to the server should be allowed only from inside the network. All attempted connections should be logged and those logs reviewed to look for abnormalities. Users should only be given the minimum permissions to look inside the db required for them to do their job (i.e. only select, session, update, insert for the web user).

Encrypting the data is possible, but you'll need to look at the data and the applications to decide what parts of the data need to be encrypted, likely not all data, but certainly perhaps personal type data (ssn, name, address etc) could be. Consider also the use of multiple dbs to separate the storage of data by sensitivity. You also need to figure out if the encryption is likely to slow the app down to the point of near uselessness.

_________________
Lostboy

Cat, the other other white meat

Please read Posting Etiquette before posting

You can always try Google
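
The log review recommended in the reply above can be sketched as follows; this is an added example, not code from the thread. It assumes SQL Server error-log style "Login failed" lines, an internal range of 10.0.0.0/8 and a threshold of three failures per client IP, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the SQL Server error-log style; not taken from the thread.
SAMPLE_LOG = """\
2005-04-19 17:40:01.10 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-04-19 17:40:02.31 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-04-19 17:40:03.52 Logon       Login failed for user 'SA'. [CLIENT: 203.0.113.7]
2005-04-19 17:40:04.77 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-04-19 17:41:10.05 Logon       Login failed for user 'webuser'. [CLIENT: 10.0.0.15]
2005-04-19 17:41:12.40 Logon       Login succeeded for user 'webuser'. [CLIENT: 10.0.0.15]
2005-04-19 17:45:30.18 Logon       Login failed for user 'sa'. [CLIENT: 10.0.0.22]
"""

# Captures the login name and the client address of each failed attempt.
FAILED = re.compile(
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<ip>[0-9a-fA-F.:]+)\]"
)
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
MAX_FAILURES = 3  # assumed threshold of failed logins per client IP

def review(log_text, internal=INTERNAL, max_failures=MAX_FAILURES):
    """Return {client_ip: [reasons]} for failed-login sources that look abnormal."""
    failures = Counter()
    users = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # not a failed-login line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed client field
        failures[ip] += 1
        users.setdefault(ip, set()).add(m["user"].lower())
    findings = {}
    for ip, count in failures.items():
        reasons = []
        if not any(ip in net for net in internal):
            reasons.append("external source")
        if count > max_failures:
            reasons.append(f"{count} failed logins")
        if "sa" in users[ip]:
            reasons.append("targeted sa")
        if reasons:
            findings[str(ip)] = reasons
    return findings
```

Calling `review(SAMPLE_LOG)` flags the external address for volume and for trying `sa`, and flags the internal host that tried `sa` once; the single mistyped `webuser` login is not reported.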


 Post subject:
PostPosted: Mon Sep 15, 2008 2:05 pm 
Encryption is no doubt good for authentication, but there will still be possibilities for hacking, so I think changing the password at a certain interval is the better remedy against hacking.

