Collaborate Disseminate
I just ran sqlmap.py on a website and it found that this is a payload that can be used to make an sql injection:
‘ UNION ALL SELECT CONCAT(0x716a787171,0x4a7766796b42486c626c644d7a7753636a677346504f4a416c53684b705249496146416e4f576f5a,0x71… Continue reading what does this UNION ALL SELECT sql injection do?
Goal
I’d like to have multiple independent websites with one shared authentication server. The auth server will have one database in which all users are stored (just username, email and password, so different data models are of no concern)… Continue reading Using one server and user database for multiple websites
Goal
I’d like to have multiple independent websites with one shared authentication server. The auth server will have one database in which all users are stored (just username, email and password, so different data models are of no concern)… Continue reading Using one server and user database for multiple websites
I have been working with an application that stores sensitive personal data from a number of users. I accidentally came across something that could most likely be exploited.
For obvious reasons, I will not be sharing what kind of exploit i… Continue reading Is it legal to exploit without consent for white hat purposes?
Sorry if this is naive , but the recent data leaks in Australia have me wondering.
Question have been asked of Optus in particular (a local Telco) whether they really should have hung on to identity data such as passport numbers.
I know th… Continue reading Is there a security benefit to keeping data in separate tables?
For example, I have an application that allows users to integrate with 3rd party apps. It stores API keys for those applications in AWS RDS as plain text(a pretty old functionality). From the security standpoint, is it even worth encryptin… Continue reading Are there any benefits of encrypting columns with sensitive data in the AWS RDS that is encrypted at rest?
I would like to do encryption with MySQL AES_ENCRYPT() function used in a stored procedure on the database.
Firstly, I changed the encryption block mode from aes-128-ecb to aes-256-cbc in the MySQL configuration file.
Secondly, my goal is … Continue reading Is encryption with MySQL Aes_encrypt() + stored procedure ok?
I’m trying to figure out the best approach to store some information into a DB that will only be accessible by specific users through a password.
So let’s say I’ve got user X that stores something into the DB. That information is password … Continue reading MySQL encrypt fields and decrypt them with a password
I have an application server accessible from the Web, behind a reverse proxy. Its database is secured on a separate VLAN and the database admin password is strong.
Say the application or the operating system has a vulnerability and an atta… Continue reading How can an attacker cryptolock a database content after having compromised the application server, which protection to setup?
Unlike most tech markets, the decades-old global database market keeps growing faster, even as it tops $100 billion in size. The cause? The shift to cloud and attempts to take advantage of AI. Continue reading Why the Database Market Keeps Growing Bigger and Stronger