Questions tagged [database-security]
218 questions
2 votes, 1 answer
functional composition within a Datomic query
I am passing an actual symbol for a function as an argument to a Datomic query. Is this discouraged? Would you suggest generating the whole query dynamically instead (example would help)?
(d/q '[:find ?effect-o
:in $ % ?pred-fn
:where
…

m33lky
2 votes, 2 answers
Why is there no built-in "stored procedure executor" database role?
I've always wondered why the list of database roles (db_datareader, db_datawriter, db_ddladmin, etc) never included a db_storedprocedureexecutor. The others make sense, but it seems like being able to grant the ability to execute all stored procs to…

SqlRyan
2 votes, 1 answer
SQLite Database Security and Tampering
I just wanted to do a quick sanity check with StackOverflow to confirm my suspicion. I'm creating an app and was tempted to use FMDB in Swift to store some data. I am treating this data as public in the sense that I assume it can be tampered with…

NullHypothesis
2 votes, 5 answers
Prevent SQL Server Table operations (INSERT and DELETE) on some tables
While working with some random sql queries on our databases, we may not want to insert or delete items to some of the database tables by just typing their names by mistake. So how to make them locked to the "editing", to be able to work…

stckvrflw
2 votes, 2 answers
PostgreSQL: preventing sql injection on multiinsertion
I'm looking for the fastest way to parse, validate and insert data in a table (PostgreSQL 9.3).
The data is a JSON array which contains 1..N items.
[{"name":"a","value":"1"},{"name":"b","value":"2"}]
The table looks like:
CREATE TABLE logs
(
id…

xardas
2 votes, 2 answers
Sending out Database Document Ids (Security)
I have a web app that stores objects in a database and then sends emails based on changes to those objects. For debugging and tracking, I am thinking of including the Document Id in the email metadata. Is there a security risk here? I could…

Justin Elkow
2 votes, 2 answers
How to do SQL Server database back up and recovery in MVC 4
I want to do a backup of my SQL Server database via my program in ASP.Net MVC 4. Please help me on where to start as I have not done it before.
Thanks in advance

Gotham Must Fall
2 votes, 1 answer
Usefulness of SQL column encryption
I have followed http://msdn.microsoft.com/en-us/library/ms179331.aspx for encrypting a column in SQL Server.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'T3stP@ssword'
CREATE CERTIFICATE TestCert WITH SUBJECT = 'SSN Encryption'
CREATE SYMMETRIC…

tom
2 votes, 2 answers
Why to close database connection in a desktop application
When the user logs in, I open the connection 'conn', which is a public static member of my dbclass, which has all functions related to the database. Then conn remains open until the application is closed.
It does not degrade the application performance measurably but…

Sami
2 votes, 3 answers
Is it safe to give applications direct access to CouchDB through the REST API?
I watched DEFCON, devoted to NoSQL in general and CouchDB in particular.
They observe some vectors of attack like access to client library (Pseudo SQL Transparent layer), access to db and then brute keys (in Schema-less way), json/view injection.
If I…

Darius
2 votes, 3 answers
Create a Secure PHP Petition
I launched a website with an online pledge component and it keeps getting hacked/exploited by people using html/javascript to cause crazy stuff to happen on the signatures page. I can't figure out how to script the non-alphas from the fields to…

Sam
1 vote, 2 answers
Escaping/sanitizing data retrieved from the database
Let's say I have a web application that gets input from the user and saves it in a database. Let's further assume that there are no security vulnerabilities -- it correctly escapes user input, uses bind parameters, whatever.
Must data retrieved…

Matt Fenwick
1 vote, 3 answers
Splitting a mysql database for security
I have used sql (mostly mysql) for years but not to a professional standard, so I'm looking for a shove in the right direction.
I am currently designing a web app that will collect users' names/addresses/emails etc in one set of tables, as well as…

mvsjes2
1 vote, 1 answer
Row level permissions or facebook-style privacy in ASP.NET MVC 3?
I am working on a project that requires custom granular security/privacy settings. Basically I need to be able to restrict access to data based on the user executing the query. Easy enough, right? Here are a couple of gotchas though...
The users must…

Jason
1 vote, 1 answer
How to setup row level access in Postgres without creating a user
I have an existing API connected to an AWS PostgreSQL database that uses AWS Cognito for User authentication.
The goal is for users to insert data via the API with some field mapped to their Cognito id, and retrieve the same data. The idea would be…

Kival M