It is currently Sun Nov 29, 2015 4:32 am

All times are UTC + 2 hours [ DST ]

Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: Database and encrypt
PostPosted: Tue Apr 19, 2005 7:12 am 

Joined: Tue Feb 15, 2005 1:34 pm
Posts: 70

If a hacker finds IP of Sql server,How is to prevent that hacker to read and
and browse data from that database?

(as select * from mTable where AFileld<value )

If I encrypt data,then how to run SQL query about encrypted data?


(as select * from mTable where AFileld<value )

Of course I dont want to use function that there is in sql,In order to code and decode.
( for more security,Cuz if someone find password sa ,Then he can reach anything)

 Post subject:
PostPosted: Tue Apr 19, 2005 5:45 pm 

Joined: Sun May 02, 2004 11:34 pm
Posts: 6628
Location: toronto, canada
This is as much a network and administration question as it is a web question. In reality, your db server should be on a separate machine within your network with an internal network address. It should not be exposed to the outside world for people to sniff around.

On the admin side, you should change the sa password and even the user name to sometihng complex and not easily guessed ( no true words, use mixed case and non-alphanumeric characters ). Implement login triggers to limit the number of times a particular IP can attempt to access the server. Connections to the server should be allowed only from inside the network. All attemtped connections should be logged and those logs reviewed to look for abnormalities. Users should only be given the minimum permissions to look inside the db required for them to do their job (ie only select, session, update, insert for the web user)

Encrypting the data is possible, but you'll need to look at the data and the applications to decide what parts of the data need to be encrypted, likely not all data, but certainly perhaps personal type data (ssn, name, address etc) could be. Consider also the use of multiple dbs to separate the storage of data by sensitivity. You also need to figure out if the encryption is likely to slow the app down to the point of near uselessness.


Cat, the other other white meat

Please read Posting Etiquette before posting

You can always try Google

 Post subject:
PostPosted: Mon Sep 15, 2008 2:05 pm 
Encryption is not doubt good for authentication but still there will have possibilities for hacking, so I think changing password at a certain interval is the better remedy against hacking.

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 2 hours [ DST ]

Who is online

Users browsing this forum: No registered users and 0 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to: