Stack Overflow
Stack Overflow

Questions tagged [database-security]

218 questions
0
votes
2 answers

Storing DATABASE_PRINCIPAL_ID in sql server table

We're using stored procedures to restrict the access of some of our database users. They need access to specific parts of the database (not just tables/views, but also specific rows), and the sproc should check if the user is allowed to see the…
Jonas Sourlier
  • 13,684
  • 16
  • 77
  • 148
0
votes
2 answers

SQL Server 2005 Security

Here is the scenario. I have a SQL Server 2005 production database/server. It currently has developers and supporters who can connect to it. I need to create a security module that gives developers read-only access to all areas of the database. This…
Ian
  • 1
0
votes
1 answer

How to prevent to open MS Access database file?

I am developing one Inventory project to sell by using C# and MS Access. After sell this product, Client(or any other) may open the document and read it. I need to overcome this less secure. I googled it and found solution that Password…
arun
  • 29
  • 1
  • 6
0
votes
1 answer

Encrypting user data

I have an Android application that transmits some user account information as json over ssl to a central server. 3rd parties can send messages to the users if they have the users' username. The username can never be queried from our server, infact…
Leon
  • 12,013
  • 5
  • 36
  • 59
0
votes
1 answer

Protect table update using database role (server role is over)

I have a database role named app_user with select, update, insert and delete rights on all tables except 2. On this 2 tables app_user role has only select right. But, some users have right to create database users (using create login, sp_adduser,…
davor
  • 939
  • 2
  • 14
  • 31
0
votes
1 answer

Why a MYSQL string that contains ' is not secure?

guys,I am new to mysql security,and when I search this issue on google,lots of people are warning that we should check the mysql string to see if it contains ' or not,otherwise you are at the risk of getting mysql database injected,but they didn't…
Mr.Leex
  • 9
  • 4
0
votes
1 answer

How to secure the content inside a production DB for a RoR web application

I have outsourced the development of a web application based on RoR and hosted on heruko. I have three types of users of this application, the developers, the content generators, and customers. I want developers to be able to create tables and/or…
jason
  • 1
0
votes
2 answers

Using SSL certificate in database

I was exploring SSL certificates and its advantages. There I came across using SSL certificate for Database connection. I am confused with why we need secure connection with database. Since if secure connection is established between client and…
Lolly
  • 34,250
  • 42
  • 115
  • 150
0
votes
0 answers

mySql Database security

I have a database security question. Here is my scenario: I have a CodeIgniter app with an associated mySql database (main) on a private internal server There are several satellite applications which need a subset of the data in the main…
Illes Peter
  • 1,637
  • 5
  • 25
  • 43
0
votes
1 answer

How to restrict sql lite data access across applications in android?

How can I restrict that applications can access only that data from SQL lite (android database) that I allow them? for example- I want that my selected contacts from the contact list should not be accessed by any application running on the phone? I…
Zubair
  • 304
  • 1
  • 5
  • 19
0
votes
3 answers

Report on individual password expiration intervals in Sybase ASE 12.5

I want to run a report to make sure the password of every user is set to expire every 30 days, but the expiration interval doesn't seem to be stored in syslogins?
Sard
  • 2,375
  • 5
  • 21
  • 21
0
votes
2 answers

Should a user be a schema owner in order to read, write, and execute SPs?

My webapp needs to read, write (INSERT, UPDATE, DELETE), and execute stored procedures on a SQL 2008 database with five schemas. I created a user that authenticates through SQL, and granted the user db_datareader, db_datawriter, and db_procedureexec…
IVR Avenger
  • 15,090
  • 13
  • 46
  • 57
0
votes
3 answers

security problems with passing javascript variable to a php variable

Possible Duplicate: Preventing fraudulent submission to a scoreboard Prevent Cheating on Javascript Game i've found a way to pass my javascript variables to a php variable by using this: window.location.href = ".../gameover.php?points=" +…
jannes braet
  • 1
  • 2
  • 8
0
votes
1 answer

password_verify_function not used?

We are attempting to secure an oracle instance and the default password verification function does not meet the exact specifications established. A new function was written and compiled by sys. This was also set as the "DEFAULT" profiles…
rynmrtn
  • 3,371
  • 5
  • 28
  • 44
0
votes
2 answers

PHP File Upload - Ensure both file is uploaded AND database updated

What are best practices for uploading files using PHP to ensure that a database is also updated? Current approach 1) Form validation confirms all fields are of valid types, lengths and clean of xss attacks. 2) File uploaded to server with user…
csi
  • 9,018
  • 8
  • 61
  • 81
1 2 3
14
15