Stack Overflow
Stack Overflow

Questions tagged [database-security]

218 questions
3
votes
4 answers

How to disable remote connections to MongoDB?

Normally the answer to question is to set: bindIp: 127.0.0.1 I have this set in /etc/mongod.conf. Unfortunately I am still allowed access to this database remotely. I have restarted the Mongo service a couple times, to no avail. Does anyone have…
awimley
  • 692
  • 1
  • 9
  • 29
3
votes
2 answers

What kind of security do I need for when having a database that holds back accounts and credit card details?

I'm a newbie when it comes to security. I've read posts that mentioned that encryption alone doesn't make an app,website or database secure. I'm also new to certificates and stuff. I've barely touched these things but I'm gonna create a website that…
Joshua Rajandiran
  • 2,788
  • 7
  • 26
  • 53
3
votes
3 answers

Different Redis databases with different passwords?

In Redis there is an authentication feature and also different databases are possible, but can these feature be combined in a secure way? From MySQL I know that there is a user management with and multiple users can have multiple passwords and can…
rugk
  • 4,755
  • 2
  • 28
  • 55
3
votes
2 answers

How to effectively save database password in desktop application?

I'm making desktop application (lets call it app) which uses database (mysql). More app's users share one database user. Example : John and Mike app users connect to DB as "dbuser", etc. The problem is : How do I effectively save passwords for DB…
Michal
  • 33
  • 3
3
votes
1 answer

Mysql Database Attacks other than Sql Injection

I am using mysqli prepared statements and bound variables. Then to prevent sql injection, am I need to do anything else(eg: data type validation, filtering, sanitize, string escape etc ) with user input ? Is there any other way of attacking MySql…
SCC
  • 509
  • 7
  • 13
3
votes
1 answer

DataSource via Parameter + Security

My question relates more to the security of its implementation than just technical questions. I have developed all the reports and are on Reporting Server. They are used by application using the ReportViewer Control in ASP.NET. Given that these…
PookPook
  • 447
  • 3
  • 11
  • 26
3
votes
4 answers

asp.net - How to clean up after an SQL Injection Attack?

I have several old sites that have just been taken offline by my hosting company, apparently due to a SQL injection attack. I looked inside my database and yes I was hacked. *oops* My database has been filled with script tags that have been appended…
Luckyl337
  • 315
  • 3
  • 12
3
votes
2 answers

SQL Server 2008 - Execute sp_start_job from Insert Trigger - Does the job run asynchronously?

I wish to use sp_start_job to start a job from within an insert trigger. The table which the insert trigger is on only has a few inserts a day atm. The point of doing this is so that the insert trigger doesn't have to wait for the job to complete -…
Chris Cannon
  • 1,157
  • 5
  • 15
  • 36
2
votes
3 answers

How to store a SQLite database securely in iphone..?

I have a SQLite database which contains confidential information. So my concern is how do I store it in iPhone so that it is secure and hackers can't get to it. I looked into hardware encryption provided by ipad but could't figure it out how to use…
Ankit Srivastava
  • 12,347
  • 11
  • 63
  • 115
2
votes
1 answer

2FA on phpmyadmin 4.8.4

I am trying to implement Two factor authentication (2FA) on phpmyadmin. Conifguration Storage has been setup and corresponding user has been created. However, when I go to Settings > Two Factor Authentication and select the Authentication…
simba
  • 36
  • 6
2
votes
2 answers

msg: 6528, Assembly 'XYZCLRDatabase' could not be found in the SQL catalog for database 'XYZ'

I executed the following command to my database and it give me the message Commands completed successfully. USE XYZ GO DECLARE @clrName nvarchar(4000) = 'XYZCLRDatabase, ...'; DECLARE @asmBin varbinary(max) = ; DECLARE @hash…
Kalpesh Rajai
  • 2,040
  • 27
  • 39
2
votes
1 answer

SQL Server Encryption via symmetric keys (AES_256)

I was reading about encryption in database (SQL Server) and came across an MS article(https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/encrypt-a-column-of-data?view=sql-server-2017) In the article, they created a master…
Jitendra Pancholi
  • 7,897
  • 12
  • 51
  • 84
2
votes
1 answer

Row level security in Azure Cosmos DB

I have a cosmos db system with a user table. Now I'm develop a client app that connects to cosmos db directly by cosmos sdk (iOS). I'd like to add a security layer to make sure a user can't access other user records, some like select * from User c…
ductran
  • 10,043
  • 19
  • 82
  • 165
2
votes
2 answers

Why hash passwords while the database is already compromised?

Although it seems like trivial that developers should hash the credentials before saving to a database, I can't understand why is this needed. Passwords were invented to keep some users from seeing some private data, which belongs to someone else.…
Deniz Basgoren
  • 73
  • 6
2
votes
1 answer

Can I make a collection append-only in Cloud Firestore?

I want to write game events and audit logs from my app to Cloud Firestore. Once written, I don't want the user to be able to modify or delete these events/logs. How can I do this?
Dan McGrath
  • 41,220
  • 11
  • 99
  • 130
1 2
3
14 15