Collaborate Disseminate
Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. The attackers asks for a small sum to return / not publish the data, but those who pa… Continue reading Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot
PostgreSQL is an open-source object-relational database platform with a track record of over 25 years of ongoing development. Its reputation is solid for its reliability, extensive features, and high performance. PostgreSQL 16 enhances its performance … Continue reading PostgreSQL 16: Where enhanced security meets high performance
A partnership with NVIDIA on supercomputing and an enterprise-grade version of Google Kubernetes Engine top the array of cloud and AI reveals. Continue reading Google Cloud Next ’23: New Generative AI-Powered Services
I want to prevent SQL injection attacks in a rather abstract application. Therefore I want to escape all user provided input as described here. The other options provided on this page don’t fit in my scenario.
I couldn’t find the right pla… Continue reading How to do character escaping in PostgreSQL to prevent a SQL injection attack?
Application login request is shown below.
The postgres information is passed via the cabinetName parameter. Is it a vulnerability? is it useful? can we exploit it?
or any other ways to exploit below request?
POST /<REDACTED>/LoginSer… Continue reading postgres database information passing in request can we exploit further? [closed]
I have a Postgres database hosted in AWS RDS. The rest of my application is also hosted on AWS.
The database migrations, like adding a new column, are done by Prisma, a node package. The pipeline is on GitHub Actions.
There I run npx prism… Continue reading AWS RDS Database access from Github Actions
Generally, when encrypting sensitive-data columns, we use the same public key for all the rows. I have noticed that it is possible to use different public keys for different rows. For example, sensitive-data column for department A is encr… Continue reading Using different public keys on the same (encrypted) column
Context
A small web application with REST API and postgres as db, that has users, documents and teams. A user can do basic CRUD operations on document.
A user is always a part of a team. A team is generated on user signup. A team has at le… Continue reading Any obvious pitfalls of modeling access control policies using subject, scope, object?
I was prototyping a system. I got a VPS, NodeJS (backend), frontend (Angular 13). One day I was accessing my system and the backend stopped responding. I have run the backend using the console and an error saying that my table was not foun… Continue reading How did someone access my Postgres database? [closed]
I need to test my website. Any advice to make better security?
Continue reading I need to do a pentest of my PostgreSQL website [closed]