2019 was a record year for OSS vulnerabilities

Total vulnerabilities in OSS more than doubled in 2019 from 421 Common Vulnerabilities and Exposures (CVEs) in 2018 to 968 last year, according to the RiskSense report. Top 10 weaponized CWEs The study also revealed that it takes a very long time for O…

Microsoft launches Azure Synapse Link to help enterprises get faster insights from their data

At its Build developer conference, Microsoft today announced Azure Synapse Link, a new enterprise service that allows businesses to analyze their data faster and more efficiently, using an approach that’s generally called ‘hybrid transaction/analytical processing’ (HTAP). That’s a mouthful; it essentially enables enterprises to use the same database system for analytical and transactional workloads on […]

Is it safe to set rejectUnauthorized to false when using Heroku’s Postgres database?

I am trying to put some fields in a Postgres database hosted on a Heroku app and it keeps returning this error:

Error: self signed certificate
code: 'DEPTH_ZERO_SELF_SIGNED_CERT'

I have tried adding a key, certificate, and CA bundle but…

Is SQL injection still a bad thing if the user is restricted to non-harmful queries?

Suppose I have a very simple PHP application that acts as a front-end for an SQL database. The user enters their query into a box, and the app shows the query results in a table.

To prevent a user from modifying the table, the SQL user o…

Everything You Need to Know About Azure – March 2020 Edition


At times like this, chatting about cool new features in Azure is a lot less important than what’s surrounding us all, and impacting some of us either directly or indirectly, now. But you know what? A distraction from the fear, worry, or self-imposed incarceration can be a good thing. So let’s crack on with it, and let’s talk about the cool new IaaS features that Azure launched during the last month.

The post Everything You Need to Know About Azure – March 2020 Edition appeared first on Petri.


Why did/does PostgreSQL, MongoDB and probably other database softwares allow such dangerous configurations?

A number of years ago now, still well into the 2000s, I was very naive. Especially in terms of computer security.

To make a long, painful story which I don’t even remember myself all too well, the basic gist is that I set up a FreeBSD ser…