database-security

Limit Database List to Ones With Permission SQL Server

By default, if you connect to a remote SQL Server via an account that has access to, say, 1 of the 10 databases, you will still see all the other databases in the Object Explorer. Obviously, due to permissions, you cannot actually query them, but you can see their names. I have heard that there is a method that disables this behavior, but I've b...

SQL Server Mgt Studio not showing table?

I have a table in SQL Server 2000 Standard Edition called "dbo.T668" (don't blame me for the naming convention). I'm working on the server using SQL Server Management Studio 2005, and for some strange reason, I can't see the table at all in the list of tables. I see all the other tables, but not this one. If I open up a query editor a...

Preventing fraudulent submission to a scoreboard

I'm working on the backend for a Flash game and I need to secure the data going into the scoreboard. The game is going to be hosted on many sites in a banner ad; the user will play the game in the advert, then click through to the main site to save their details. At the moment I am thinking along the lines of this: User plays the game ...

Web Application Scanner

I want to develop a Web application to collect or exchange sensitive or personal data. This system would give the user a detailed automated report on: • How secure user's website is? • How easily it can be hacked? • Where exactly is the problem and • What are the remedies? Any suggestions???? ...

SQL Server 2005 Security

Here is the scenario. I have a SQL Server 2005 production database/server. It currently has developers and supporters who can connect to it. I need to create a security module that gives developers read-only access to all areas of the database. This means that a developer should be able to view all objects as well as scheduled activities...

How to effectively save database password in desktop application?

I'm making a desktop application (let's call it app) which uses a database (MySQL). Several app users share one database user. Example: John and Mike, app users, connect to the DB as "dbuser", etc. The problem is: how do I effectively save passwords for DB users? (App users' pwds are stored in the DB.) Possible solutions I found: 1. in the code -...

Is it possible for double-escaping to cause harm to the DB?

If I accidentally double escape a string, can the DB be harmed? For the purposes of this question, let's say I'm not using stored procedures or parametrized queries. For example, let's say I get the following input: bob's bike And I escape that: bob\'s bike But my code is horrible, and escapes it again: bob\\\'s bike Now, if I i...

Dissertation about website and database security - in need of some pointers

Hi, I am on my dissertation in my final year at university at the moment. One of the areas I need to research is security - for both websites and for databases. I currently have sections on the following: Website Form security - such as data validation. This section is more about preventing errors made by legitimate users as much as ...

Prevent SQL Server Table operations (INSERT and DELETE) on some tables

While working with some random sql queries on our databases, we may not want to insert or delete items to some of the database tables by just typing their names by mistake. So how to make them locked to the "editing", to be able to work safe. Thanks. ...

Database Security Queries

You are the DBA for the VeryFine Toy Company and create a relation called Employees with fields ename, dept, and salary. For authorization reasons, you also define views EmployeeNames (with ename as the only attribute) and DeptInfo with fields dept and avgsalary. Show the view definition statements for EmployeeNames and Dept...

How secure is a PostgreSQL database if my server is stolen?

If I have a server with a database of top secret data in PostgreSQL and my password is practically impossible to crack (128 character string of all sorts of weird chars, generated by hand). The server password is also uncrackable in theory (basically, ignore the possibility of a password crack). Aside from a password crack, how easy is ...

Questions and considerations to ask client for designing a database

Hi guys! So, as the title says, I would like to hear your advice on what the most important questions are to consider and ask end-users before designing a database for their application. We are to make a database-oriented app, with special attention paid to db security (access control, encryption, integrity, backups)... Database will also keep s...

Database security / scaling question

Typically I use a database such as MySQL or PostgreSQL on the same machine as the application using it, which makes access easy and secure. I'm just now building the first site that will have a separate physical database server (later this year it will). I'm wondering 3 things: (security) What things should I look into for starters per...

How to implement Tenant View Filter security pattern in a shared database using ASP.NET MVC2 and MS SQL Server

I am starting to build a SaaS line of business application in ASP.NET MVC2 but before I start I want to establish good architecture foundation. I am going towards a shared database and shared schema approach because the data architecture and business logic will be quite simple and efficiency along with cost effectiveness are key issues....

How to separate a person's identity from his personal data?

I'm writing an app whose main purpose is to keep a list of users' purchases. I would like to ensure that even I as a developer (or anyone with full access to the database) could not figure out how much money a particular person has spent or what he has bought. I initially came up with the following scheme: --------------+-----------...

Are there any SQL injection tools out there so I can test my site's vulnerability?

Are there any SQL injection tools out there so I can test my site for vulnerabilities? Any good ones? Free ones would be good. ...

How do I secure the data in my winform's SQL 2005 Express database?

I have a C# winform application that uses SQL 2005 Express. The application creates math and reading quizzes and is marketed to parents of school-aged children. The parents purchase and download SQL files containing quizzes from my website and install them in the application (which is installed on their child's computer). I have two S...