Collaborate Disseminate
I am trying to summarize practices for the secure use of commercial databases such as Oracle and MSSQL. I am having a hard time finding academic sources that portray the best security practices for the use of database drivers (ODBC/JDBC)
I… Continue reading Database Drivers Best Practices [closed]
Imagine a typical web service. A client accesses it through a load balancer, which forwards the request to a backend server which will fetch data from a database, create the result and send it back to the client.
Let’s say no that we want … Continue reading Does such kind of privacy proxy exist?
Row-level security is often an industry requirement in secure environments, such as those dealing with payment cards.
It’s supported by most major relational databases, including PostgreSQL, Microsoft SQL Server and Oracle. It works by int… Continue reading Does "row-level security" actually serve a security purpose?
Bunnie Huang has created a Plausibly Deniable Database.
Most security schemes facilitate the coercive processes of an attacker because they disclose metadata about the secret data, such as the name and size of encrypted files. This allows specific and enforceable demands to be made: “Give us the passwords for these three encrypted files with names A, B and C, or else…”. In other words, security often focuses on protecting the confidentiality of data, but lacks deniability.
A scheme with deniability would make even the existence of secret files difficult to prove. This makes it difficult for an attacker to formulate a coherent demand: “There’s no evidence of undisclosed data. Should we even bother to make threats?” A lack of evidence makes it more difficult to make specific and enforceable demands…
I’d like some perspective on the need for Postgres level encryption via pgcrypto (database field encryption for sensitive information) when there’s already disk encryption (ESB) deployed https://devcenter.heroku.com/articles/heroku-postgre… Continue reading Disk encryption and heroku Postgres database field-level encryption
I’m brainstorming a good architecture that allows me to store user generated data from my mobile app securely on my backend server, without forcing the user to remember an encryption password.
The data should only be accessible to the user… Continue reading Your opinion on my encryption security concept for my mobile app using Firebase and an external backend server?
For research purposes, I am looking for a dataset that has all daily attacks that occurred since year 2000. I am interested in many attacks such as ransomware, malware, and DDoS.
I have been doing a lot of research to find what I am lookin… Continue reading Dataset of daily cyber attacks (Past 20 years) [closed]
I am currently working on a project for a veterinary practice and one of its components is a web-based backoffice for general management.
The practice already has a backoffice-style software, but it’s lacking in some features and it’s only… Continue reading Multiple user sessions at the same time in a backoffice
I have a relatively secure device with very limited internet connections and/or activity. One of those connections is to a AWS RDS database (MySQL)
I’m wondering if it’s possible that my secure device could be compromised by this connectio… Continue reading Is it possible to compromise a device by connecting to a database?
I’ve looked extensively for a duplicate question, but I couldn’t find anything that answers this question exactly.
I have a SQL Server that will be used to store data for a multi-tenant application. Every tenant will have their own databas… Continue reading How should SQL Server users be managed for a multi-tenant application?