Questions tagged [database-security]

218 questions
1
vote
3 answers

Accessing various databases as one in SQL Server

I have two different databases in SQL Server, let's say db1 and db2, and I need to join data between them, but using my application that has access only to db1. So, I thought of two possibilities: the first one is to create a view in db1 that reads…
1
vote
2 answers

ASP.NET Application Connection String and SQL Server Security / Permissions

I am deploying an ASP.NET application and SQL Server (2008) database on a live (production) server. The physical server is running both SQL Server 2008 and IIS 7 - it is provided by a hosting company and is not part of our internal network. I have a…
1
vote
1 answer

Database security in NoSQL environments

In traditional DBMSs we can see security mechanisms like access control implemented using SQL. In NoSQL environments, how are such security mechanisms implemented?
deltaaruna
0
votes
2 answers

MySQL escaped_strings VS. Parameterised Queries

Just reading up on Parameterised queries, which seem to be the last word in database defence, and was wondering the following: I have an existing PHP/MySQL self-built CMS where ALL inputs (bar checkboxes and radio buttons) are subject to…
Eamonn
0
votes
1 answer

Is there a database tool which shows a list of SQL commands I have permission for?

I talked to the developer of HeidiSQL about it and he told me I can query it by "show grants" command of SQL, but I don't understand the result set coming from it. show grants // I execute query here GRANT USAGE ON . TO 'fsdb1user1'@'%' IDENTIFIED…
Uğur Gümüşhan
0
votes
1 answer

Software Firewall with 'log in' function

I need to secure a server with a firewall, that's simple :) But for certain users I would like to open certain other ports (for example direct access to the Database for SSRS report builders). These users don't have static IP addresses, and so right…
adudley
0
votes
1 answer

Is CouchDB Authorization Alone Sufficient For Production Apps?

Is there any case where CouchDB authorization alone is sufficient for production apps? They recommend deploying a proxy server in front of Couch but do not recommend an authorization layer / server? See Best Practices. I understand that read access…
Ronnie Royston
0
votes
0 answers

Building a full stack web app with SvelteKit, MongoDB, and Auth0 while ensuring secure user-specific document access

I'm working on my first full stack web application using SvelteKit, MongoDB, and Auth0. I need guidance on implementing secure authentication and user-specific document access. Here are my specific questions: Authentication: How do I configure…
0
votes
0 answers

Where to start building a web service layer to secure my database?

I have recently built an inventory system for a C# portfolio project and I have all the main functionality of the program down, the database is built and all the passwords are hashed and somewhat secure etc, but I wanted to do something a bit more…
0
votes
1 answer

Hide a database from logins with VIEW ANY DATABASE permission

On our SQL Server, we have a lot of users (logins) who have 'VIEW ANY DATABASE' as an effective permission. I need to secure a single database and its tables from these users. Ideally, they shouldn't be able to see it. If that's not possible then…
TK Bruin
0
votes
0 answers

How to make document accessible to changing group of users in FireStore Security Rules

I've been trying to understand the differences of one-to-many and many-to-one relationships in NoSQL databases. I purchased a few courses on this and Firestore security rules language and have a basic grasp of it all, but I can't think of an…
0
votes
0 answers

Process an http request through database from resource usage & security perspective

I feel very skeptical about this part as I have not found an answer on the web that satisfies me. The questions are: Should I keep the db connection on forever and then keep processing my requests. This way is easier as I only have to open up the…
0
votes
1 answer

How to design security policies for a following system including counters in postgres/supabase if postgres functions are used?

I am unsure how to design security policies for a following system including counters in postgres/supabase. My database includes two tables: Users: uuid|name|follower_counter ------------------------------ xyz |tobi| …
0
votes
1 answer

Disable update, insert, delete for certain users from certain applications

Is it possible to create some "system" trigger, through which it would be possible to enable / disable the execution of update, insert, delete commands on the whole database, for certain users and / or certain applications? I know I can do a logon…
Miroslav
0
votes
1 answer

Deny doesn't take priority in case of permission chain?

Deny usually has more priority than grant. For example grant select is overridden if there is deny select. However, when it comes to permission chaining, suppose user has access to the stored procedure or view, and the owner of the view is same as…
variable