The Main Threats To A Database Server
The main threats to a database server are:
- SQL injection
- Network eavesdropping
- Unauthorized server access
- Password cracking
See Securing Your Database Server in more detail. I didn't pay attention to network eavesdropping before. To counter network eavesdropping:
- Use Windows authentication to connect to the database server to avoid sending credentials over the network.
- Install a server certificate on the database server. This results in the automatic encryption of SQL credentials over the network.
- Use an SSL connection between the Web server and database server to protect sensitive application data. This requires a database server certificate.
- Use an IPSec encrypted channel between Web and database server.
I need to dig more on the last three countermeasures.
0 Comments:
Post a Comment
<< Home