Wednesday, May 11, 2005

The Main Threats To A Database Server

The main threats to a database server are:
  • SQL injection
  • Network eavesdropping
  • Unauthorized server access
  • Password cracking

See Securing Your Database Server for more detail. I didn't pay attention to network eavesdropping before. To counter network eavesdropping:

  • Use Windows authentication to connect to the database server to avoid sending credentials over the network.
  • Install a server certificate on the database server. This results in the automatic encryption of SQL credentials over the network.
  • Use an SSL connection between the Web server and database server to protect sensitive application data. This requires a database server certificate.
  • Use an IPSec encrypted channel between Web and database server.

I need to dig more on the last three countermeasures.
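
As an added example (not from the original post or the linked guide), the script below checks ADO.NET-style SQL Server connection strings against the first three countermeasures. The sample strings and the host name `db01` are constructed, and it assumes a client driver where `Encrypt` is off unless requested; IPSec is configured on the hosts and cannot be seen from a connection string.

```python
# Added example: audit SQL Server connection strings for the eavesdropping
# exposures listed above. All sample strings below are constructed.

def parse_conn_str(conn_str):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys.
    Naive split: does not handle quoted values containing ';'."""
    pairs = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    return pairs

def audit(conn_str):
    """Return a list of findings for one connection string."""
    kv = parse_conn_str(conn_str)
    integrated = kv.get("integrated security",
                        kv.get("trusted_connection", "")).lower() in {"true", "yes", "sspi"}
    # Assumption: the driver does not encrypt unless the string asks for it.
    encrypt = kv.get("encrypt", "").lower() in {"true", "yes", "mandatory", "strict"}
    trust_any = kv.get("trustservercertificate", "").lower() in {"true", "yes"}
    has_sql_login = any(k in kv for k in ("password", "pwd"))

    findings = []
    if has_sql_login and not integrated:
        findings.append("SQL authentication: credentials are sent over the network; "
                        "prefer Windows authentication")
    if not encrypt:
        findings.append("Encrypt not requested: data is protected only if the "
                        "server forces encryption")
    if encrypt and trust_any:
        findings.append("TrustServerCertificate=True: server certificate is not "
                        "validated, so the channel can be intercepted")
    return findings

SAMPLES = [
    "Server=db01;Database=app;User ID=web;Password=example-only",
    "Server=db01;Database=app;Integrated Security=SSPI;Encrypt=True;TrustServerCertificate=True",
    "Server=db01;Database=app;Integrated Security=SSPI;Encrypt=True",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s)
        for finding in audit(s) or ["no findings"]:
            print("   -", finding)
```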

