Questions tagged [security]

Allowing users to access only the data they are authorized to access. It also encompasses protection of data during movement on the network and storage on disks and backups.

Security includes the facets of Authentication, Authorization, Privacy, Cryptography, Integrity, and Access Control. Include tags to indicate what aspect the question concerns; user access such as , network security, , etc.

1084 questions
13 votes, 4 answers

Is it ever good practice to use a distinct database account for each user of an application?

The applications I'm used to are server based and use one database account for many users, with the application code controlling what the user can do, or single-user. Are there any successful complex business applications where each person needs…
bdsl
1 vote, 0 answers

HQL Injection Question

This question popped into my head after reading this article. However, the more I read about this topic, the more it seems like a Dynamic SQL security issue. So I have 2 questions mainly: Is there really any difference between this and a Dynamic…
Chessbrain
1 vote, 1 answer

Securely manage and dynamically create multiple databases

Background I have inherited a system that has several hundred databases. The primary "Clients" Database represents all clients with several tables like: WebUsers = username | password | server_id Servers = server_id | ip_address | The…
danielson317
0 votes, 1 answer

Would it make security sense to split up tables into different databases and/or servers?

What I am asking is would it be more secure if I had a customer table in one database server and the transactional data in another database server? This way if the database is compromised they are only getting one piece of the pie? What kind of…
Rob
0 votes, 2 answers

Making a database publicly readable to anyone on the Internet

Say that I have some data that is publicly available to begin (like an archive of hackernews stories), and I would like to make it available publicly in a sql database that is world-accessible. The constraints/salient points are these: The data is…
0 votes, 1 answer

Is it safe to allow a database to be accessible from the internet?

We have a database that many clients need to read/write via the internet. There are two methods to deploy: (A) [Database server] <---internet/SSL---> [Clients]: Allow the database to be directly accessed from the internet using an SSL connection. (B) [Database…
TrungNT
0 votes, 1 answer

How do I judge whether a given SQL statement has SQL injection risk or not

The analysis is of SQL that comes from the SQL log only, trying to find out which SQL statements have a risk of SQL injection. It is different from the perspective of an application-side check.
Tao
0 votes, 1 answer

Quality Database Security Metrics

Fellow DBAs and Engineers, I'm looking for a few quality database security metrics. The purpose of these metrics is to demonstrate the level of security provided to database schemas in the organisation. Specifically, I'm looking for security metrics which can…
0 votes, 2 answers

Is it good practice to IP-block dev/test app servers from the production database server?

I would like to do this as somewhat of a last line of defense as we will be replicating production to test regularly. Is this good practice?
nene