Collaborate Disseminate
Amateur Question… We’ve written a SaaS application that runs in Google Cloud on a GCP-managed MySQL database. We now need to make our application PCI and / or HIPAA compliant. I know we need to specify our own encryption key and keep it … Continue reading Is Google Cloud Database encryption with customer specified keys PCI and / or HIPAA compliant?
I’m doing blackbox testing on a website vulnerable to SQL injection.
I put a ‘ on the search bar, and for some reason it didn’t show an error.
I put a ‘ on the search bar this time with a SQL statement. Now the error shows up.
I tried to g… Continue reading SQL injection question
In this guide, we’ll explain how to create and connect… Continue reading How to Create And Connect to an AWS RDS MySQL Database
On a server of mine, its local ESET firewall is blocking MariaDB’s mysql process from accessing a blacklisted IP 154.12.54.163:1277. MariaDB is installed and expected on the server.
I’ve also tried netstat -a -o -p TCP but that doesn’t sho… Continue reading Find why mysqld is trying to reach a blacklisted IP
If you’re looking for a simple-to-use web-based GUI for administering your relational MySQL databases and then some, Adminer may be what you’re looking for. Continue reading How to Install Adminer on Ubuntu Server
I’ve taken a pen-testing course and for the final certificate, I have to analyze a server and make a report regarding the vulnerabilities.
The server does multiple functionalities, It acts as a web application server ( as I can connect t… Continue reading The server acts as a database server , but there is no open port regarding that why?
I am learning Blind SQLi with Port Swigger Academy but I am stuck on this lab: https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses.
In this lab I have to get the user ‘administrator’ password from the table: … Continue reading Blind SQLi – guessing column name
I have a mysql docker container, when the volume is created on boot, the following initial script is called which creates a database, gives a user access to that database and deletes the root user with ‘%’ access:
define DDL <<-sql
… Continue reading Does it improve security to remove root@% from local mysql container? [migrated]
I am creating a simplified lead and call management system for a friend’s small business.
I would like to know the best practices for hardening password storage and verification using PHP 7.4 and MySQL 7.4.30.
I would like something very s… Continue reading Best practices for storing passwords for PHP and MySQL applications [duplicate]
I was watching the DEFCON 17: Advanced SQL Injection video here.
At 15:00, when discussing the various classes and types of SQL injection attackS, the speaker stated
With MySQL you really only have Union-based and Blind
Provided the abov… Continue reading Why are MySQL injections more limited than MS-SQL attacks?