MS-SQL or MySQL - What Are the Security Concerns
Discussion by NilsC with 3 Replies.
Last Update: January 3, 2005, 5:14 pm
I'm making a few assumptions so correct me when I'm wrong. 
Assumption 1:
My website is hosted by a hosting company.
Assumption 2:
My M$SQL or mySQL database resides on a server on my network.
If the 2 assumptions are correct, what are the security issues I have to look at? Do I need to put the SQL server in a DMZ with an inside and outside firewall? Can the SQL server sit on my network behind the firewall with nothing between that and the users?
What would be the correct and safe way for data to move between the sql server and the web?
What would be the correct and safe way for data to move between 'my' users and the sql server. What are the issues when it comes to populating the tables with user input?
If there are any issues I didn't touch on or a better solution let me know.
Thank you
Nils
Thu Dec 30, 2004
If you're using M$SQL, MS provides a security solution for you; just check their dev site.
For MySQL, properly configure the admin's privileges and its users: a powerful password for admin and minimal privileges for your user, and remove default accounts. For anti-injection, good design of the DB and secure code (server-side code).
Fri Dec 31, 2004
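The MySQL steps named in the reply above (remove default accounts, strong admin password, minimal privileges for the application user, input kept out of the SQL text), as an added example that is not part of the original thread. It assumes MySQL 5.7 or later and an administrative session; the names `appdb`, `comments`, `webapp`, the address `203.0.113.10` and the passwords are hypothetical placeholders.

```sql
-- Added example: all object names, the host address and passwords are placeholders.
-- Assumes MySQL 5.7+ and an administrative session.

-- Sample schema (constructed) so the grants and the insert below have a target.
CREATE DATABASE IF NOT EXISTS appdb;
CREATE TABLE IF NOT EXISTS appdb.comments (
    id     INT AUTO_INCREMENT PRIMARY KEY,
    author VARCHAR(64)  NOT NULL,
    body   VARCHAR(500) NOT NULL
);

-- 1. Find and remove default accounts: anonymous users and remote root logins.
SELECT user, host FROM mysql.user
 WHERE user = ''
    OR (user = 'root' AND host NOT IN ('localhost', '127.0.0.1', '::1'));
DROP USER IF EXISTS ''@'localhost';
DROP USER IF EXISTS 'root'@'%';

-- 2. Strong password for the admin account (placeholder value).
ALTER USER 'root'@'localhost' IDENTIFIED BY 'REPLACE-WITH-LONG-RANDOM-SECRET';

-- 3. Application account: usable only from the hosted web server's address,
--    only over TLS, and only with the statements the site needs on one table.
CREATE USER IF NOT EXISTS 'webapp'@'203.0.113.10'
    IDENTIFIED BY 'REPLACE-WITH-ANOTHER-RANDOM-SECRET'
    REQUIRE SSL;
GRANT SELECT, INSERT ON appdb.comments TO 'webapp'@'203.0.113.10';
SHOW GRANTS FOR 'webapp'@'203.0.113.10';  -- confirm no wider grants exist

-- 4. User input is bound as parameters, never concatenated into the statement.
--    The constructed value below contains a quote and a comment marker and is
--    stored as plain text.
PREPARE add_comment FROM
    'INSERT INTO appdb.comments (author, body) VALUES (?, ?)';
SET @author = 'nils';
SET @body   = 'It''s stored as data; -- not parsed as SQL';
EXECUTE add_comment USING @author, @body;
DEALLOCATE PREPARE add_comment;

SELECT author, body FROM appdb.comments;
```

Server-side web code gets the same effect as step 4 by using its database driver's parameter placeholders instead of building SQL strings from form fields.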
I'm going to get mySQL for home. Where I work we are using M$SQL but they are on production servers and I don't think they'll approve of me playing with that. Then again they wouldn't know that I did it until the next external audit / upgrade of the server.
Upgrades happen every 3 to 5 years so it's not too often.
Nils
Fri Dec 31, 2004
MS SQL server is still stubbornly clinging on that fourth place in the SANS Top 20 Vulnerabilities list.
I have no actual knowledge of the security of MySQL, but database servers in general tend to be a bit risky. Keeping them in a DMZ sounds like a good idea. Due to its open-sourceness and high popularity MySQL should be way safer than MS SQL.
Mon Jan 3, 2005




