Collaborate Disseminate
In creating a blacklist function as part of our multi-pronged defense against SQL injection that includes parameterized queries and validating for length and type of input, we are creating a Blacklist function to check input from a .Net we… Continue reading Does Injection Attack Against SQL Server Require Semicolon or Comment?
I wrote a web application that is using AD authentication (Windows) and has its own authorization module (RBAC-like). Back-end is Microsoft SQL Server.
A DBA on my team is not happy with us using a service account to talk to the database, … Continue reading Is using EXECUTE AS impersonation for user authentication in a web application a good idea?
We have DBAs who want to access SQL DBs over DirectAccess (DA). The ask is to open port TCP 1530 over DA. At the moment, we have 6,000 people using DA, we can’t filter on a specific group of DBAs. Effectively if we open the DA rules to all… Continue reading Direct VPN access to DBs – government guidelines (DBAs at home COVID)
I’ve been using LastPass for years, but now I need something bigger with the ability to handle multiple clients, and within those clients I need to be able to set and access passwords for databases (Sql Server, MySql, Mongo), RestAPI and w… Continue reading MSP level Password Manager for Sql Server as well as web
With August now behind us, here’s a look at the major announcements from this month.
The post Everything You Need to Know About Azure Infrastructure – August 2020 Edition appeared first on Petri.
Continue reading Everything You Need to Know About Azure Infrastructure – August 2020 Edition
I’m doing an activity regarding sql injection where the example uses a post request for login. I supplied input to the username which contained a quote and the query threw an error which was displayed to me showing the query that was used…. Continue reading Vulnerable sql query explanation needed [closed]
It seems when SQL TDE is implemented certificates are used to protect the keys used to encrypt the data. What would be the benefits of using a CA signed certificate in this scenario over a self-signed certificate?
Continue reading SQL TDE – Benefits of using CA Signed Certificates over Self-Signed Certificates
An in-house team is creating a new framework and I’m not so sure it’s as secure as they’re letting on. I’m not super well versed in security so I wanted to ask for opinions.
A demo web app was created for us to get familiar with the layou… Continue reading What are the potential vulnerabilities of sending HTML/JS to the browser from the database?
Let’s say we have
one db server.
three app servers with full database access.
Which scenario is the best?
Each app server connects to that one database with different passwords.
Example: app srv 1 uses : “$PSD$Passwrod3” and app sr… Continue reading Giving different passwords to the app servers to access the same database. Pros and Cons?
I’m in a discussion with Information Security team about a legacy Desktop Application accessing a SQL Server database directly using LINQtoSQL.
The Information Security team insists that there are many security vulnerabilities in a Deskto… Continue reading Desktop App with SQL Server security issues