Questions tagged [database-security]

218 questions
1 vote, 1 answer

User permissions in sql server DB assigned from AD groups

We have MS SQL Server 2012 in production use and MS AD. Let me explain in short what our concept of assigning user permissions is like. For a certain user group that has some access to a certain application, we create an AD group and assign AD users to…
1 vote, 1 answer

Dockerized database passwords management

For example, I need to "dockerize" PostgreSQL, MongoDB and Redis, each one in a separate container. I want to create secure password-protected users/roles for those storages and then access them from several dockerized applications. Dockerfiles…
Dan K.K.
1 vote, 2 answers

Securing SQL Server Database

I have my SQL Server running on a remote server. I want to delegate tasks to my team who would be accessing the server to execute the ASP.NET application and hence the SQL Server Database credentials are stored on the connection string. But I do not…
Slick Guy
1 vote, 0 answers

Application-initiated datatype overflow security vulnerabilities in SQL Server 2012

Short Description: Improper application validation passes invalid data into SQL update statements executed in SQL Server 2012, causing a server-side error which is not handled by the application. From a database security perspective, could this be…
1 vote, 1 answer

Restore database rights on restored database SQL Server 2012

We are restoring a SQL Server 2008 backup database on a SQL Server 2012 database server. The restoring goes well, the files are created and the database is online. But unfortunately, we do not have any rights on the database, other than read. In the…
1 vote, 3 answers

Is it possible to stop users downloading a SQLite file?

I was learning SQLite3 from here; it's really good and portable, but what if someone somehow gets to know the database file name, say test.db, and then simply downloads it? Probably it will be more dangerous than SQL injection, as the attacker can…
user3452098
1 vote, 1 answer

The proper way to handle data flow through an application

This may get marked as duplicate, but in my defense, I've been searching around for a while, and a lot of the information I find is in relation to mysql or mysqli at best, or is incomplete. I want a thorough, up-to-date answer that factors in using…
hyphen
1 vote, 1 answer

Visual Studio Database Project Script Domain Name

I am creating a user creation script in an SQL Server 2008 Database Server project in Visual Studio 2010. The script looks like this... CREATE LOGIN Domain\User FROM WINDOWS I will be developing on both my desktop PC and laptop. Neither runs on a…
Remotec
1 vote, 3 answers

Best and most secure way of granting privileges on SYS owned objects

The users SYS and SYSTEM should never be used since there's a risk of damaging the SYS schema: "In general, unless the documentation tells you, you will NEVER LOG IN as sys or system, they are our internal data dictionary accounts and not for your…
Toru
1 vote, 1 answer

Storing email-id securely on website's backend

I'm making a site in which users will login with OpenID. I'll though, only give them the choice of Google, Yahoo, and AOL. They'll login or signup with their OpenID providers' accounts (Google/Yahoo/AOL) and after they are redirected back to my…
Tony K
1 vote, 3 answers

Danger of SQL query being sent as a parameter?

Basic question. If I have a form that asks a user for their name, email, and comments, and I store the entries in the database... What happens if someone types in a SQL query such as: DROP tablename in the comments…
user1447679
1 vote, 1 answer

Sensitive Client Details

I have a security related question about storing some client information - specifically their database login credentials. My app works based on the client and so the database details need to be set at the start. My initial thought was to hold it all…
0Neji
1 vote, 2 answers

How to secure the email ids stored in the database?

I am storing passwords after bcrypting, but user email ids as plain text (without encrypting), because I want to send newsletters to those email ids regularly. I have got two questions. How to secure the database so that email ids as the plain…
VDN
1 vote, 1 answer

Database password storing issue, Java Web App

I'm part of a Java Spring Web app which should be very secure. So far, on the test environment we're loading the database username & password from a property file which lies on the classpath. The password is encrypted with a key which we load from a local file…
braincell
1 vote, 1 answer

PHP PDO access to MySQL

I went through the process of converting mysql_* code into PDO code. I've run it and checked that it works and everything. I just want Stack Overflow's review of it, to make sure that I'm killing the connection properly, whether I should use some…
Richard