Stack Overflow
Stack Overflow

Questions tagged [database-security]

218 questions
1
vote
1 answer

How to give one user full access to MongoDB right after install?

I just installed MongoDB 4.4 on Ubuntu 20.04. Now, I want one user with a password to have full access (create database, write to it, delete it, etc.) over TCP port 27017. How can I do this?
yegor256
  • 102,010
  • 123
  • 446
  • 597
1
vote
0 answers

Postgres: Is Using Both Prepared Statements and Character Escaping Sufficient to Avoid Malicious User Input Attacks?

I assume if I use prepared statements and then escape all ' characters, no input any user dished up could cause me any trouble. But I know there are lots of tricky hacks out there and my assumptions of my database's impenetrableness are often…
JCollier
  • 1,102
  • 2
  • 19
  • 31
1
vote
2 answers

Preventing fraudulent submission to a scoreboard

I'm working on the backend for a Flash game and I need to secure the data going into the scoreboard. The game is going to be hosted on many sites in a banner ad, the user will play the game in the advert then click through to the main site to save…
Greg B
  • 14,597
  • 18
  • 87
  • 141
1
vote
0 answers

Can I encrypt MySQL on Google Cloud SQL at the Schema / DB level?

We have developed a data matching application where each user can upload their data and the apply the features we provide to identify when the same entities exist in those files. While it will change in the future, we are currently built on MySQL.…
Ben
  • 4,798
  • 3
  • 21
  • 35
1
vote
1 answer

Best practice for storing sensitive connection data when connecting to a DB

I have always done my DB connection through a file like "connection.js" and it contains the sensitive data like password, user, host, etc. required for creating a db connection. Is there an industry practice for dealing with this? Or a best way of…
blitz
  • 149
  • 1
  • 12
1
vote
1 answer

Best way to secure 3rd party api key in MongoDB

I have a specific use case in my application to store users 3rd party API Keys to retrieve data from those 3rd parties. It is a web application and I am using express as well as MongoDB for the database. Is there a specific way to best secure it (I…
Rocksmash
  • 93
  • 1
  • 8
1
vote
1 answer

The customer wants all data encrypted in database, how to make efficient queries fields are encrypted?

Nowadays some non-technical customers ask if all data is stored (and transferred) in encrypted form. They do not like the idea that only password is hashed. What are the best practices, e.g. how to make efficient SQL queries, if all data is…
Tom
  • 6,725
  • 24
  • 95
  • 159
1
vote
1 answer

Securely store client database details

I'm adding functionality for regular exports of data from our databases to a clients database. Clients will supply database details which we need to keep secure. What would the best way of securely storing the connection details, ideally they'd be…
Shardj
  • 1,800
  • 2
  • 17
  • 43
1
vote
1 answer

Is it possible to add a layer on Firestore so the changes won't be committed directly?

As my title states, is it possible to add a new layer above a Cloud Firestore database, so all the changes that are made by users to be not committed directly in the database?
Dave
  • 189
  • 1
  • 8
1
vote
0 answers

Safely destroy (shred) MySQL database

I want to store sensitive data in a MySQL database for a while, so I'd like to know a way to delete a MySQL database without having a chance of recovery. In Linux, we have a tool named shred which overwrites the content of the file repeatedly, so…
Aleksandrus
  • 1,589
  • 2
  • 19
  • 31
1
vote
1 answer

Managing many companies with Oracle

My company is storing its data in an Oracle database. It offers services to several other companies, each of them having thousands of customers placing orders. For historical reasons, all of the data are in the same schema and, for example, all…
Aki
  • 11
  • 1
1
vote
0 answers

Implementing security via SQL Server roles or Windows groups

I'm looking for the best way to secure access to the data stored into an SQL Server database (accessed via stored-procedures). Company's users are split into 3 entities with associated Windows security groups: G_SUBSIDIARY1, G_SUBSIDIARY2, and…
Pragmateek
  • 13,174
  • 9
  • 74
  • 108
1
vote
1 answer

How to properly store login info in database

I wanna to design an authentication database which has the following functions: I used Bcrypt so I need to store the salted password in the dB I only allow user login to one device at a time, so I need to check if the user is currently logged in.…
fredpan
  • 47
  • 1
  • 10
1
vote
0 answers

Is there any way to encrypt my data without doing it manually?

Is there any way to encrypt my data without doing it manually? I do not want to update my data to the encrypted data every time. I thought about triggers but triggers cannot work on same table. I want after any insert or update, encrypted insert or…
user10184524
1
vote
3 answers

How to securely store database credentials in windows?

I use python and SQL-server to manage a database, but I do not know "good practices" about database management and know few about security information. Is it secure to save Database credentials in Windows as a environment variable and use it into…
Carlos Bettin
  • 120
  • 2
  • 11
1 2 3
14 15