Jump to content



Welcome to AstaHost - Dear Guest , Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply w/o Sign-Up!

Toggle shoutbox Shoutbox Open the Shoutbox in a popup

@  yordan : (14 April 2014 - 05:28 PM) By The Way, This Could Be An Interesting Subject For A Topic, What About Posting This Question? Let's See If Other People Have The Same Feeling Concerning Bootlists!
@  yordan : (13 April 2014 - 09:36 AM) Boot Order : Cd, [Usb,] Hard Drive :D
@  yordan : (11 April 2014 - 07:23 PM) I Simply Let The Bios Do That
@  Ritesh : (11 April 2014 - 10:23 AM) Is It Possible To Launch Fedora Live Cd Or Installation Disk From Hard Drive On Windows Platform Using Grub Mbr File.
@  Ritesh : (11 April 2014 - 10:21 AM) No U Are Not.. Btw.. I Have Question For You.
@  yordan : (10 April 2014 - 08:02 AM) You Are Partially Right.
I Was Not.
Nevertheless, I Am Again :)
@  Ritesh : (09 April 2014 - 07:33 PM) :P
@  Ritesh : (09 April 2014 - 07:33 PM) I Think U R Not..
@  yordan : (09 April 2014 - 09:28 AM) I'm The Master Of The Shoutbox!
@  yordan : (05 April 2014 - 10:32 PM) He-He
@  Ritesh : (04 April 2014 - 06:59 PM) Ha Ha Ha ....
@  yordan : (04 April 2014 - 11:15 AM) Welcome Back, Starscream!
@  yordan : (03 April 2014 - 02:31 PM) And I Hope That He Will Come Back Soon :)
@  yordan : (01 April 2014 - 02:53 PM) Nice, Ritesh Came, I'm Not Home Alone Today.
@  Ritesh : (01 April 2014 - 08:51 AM) Oh!!! Poor Dear Yordan..
@  yordan : (31 March 2014 - 10:02 AM) I'm A Poor Lonesome Cow-Boy
@  yordan : (27 March 2014 - 02:22 PM) He Is Unpatient Due To His Patients!
@  Ritesh : (27 March 2014 - 10:46 AM) :(
@  Ritesh : (27 March 2014 - 10:46 AM) He Is Busy With His Patients.
@  yordan : (26 March 2014 - 08:12 PM) Ahsani, Where Are You?

Photo
- - - - -

MS-SQL Or MySQL wHAT ARE THE SECURITY CONCERS


3 replies to this topic

#1 NilsC

NilsC

    To Err Is Human, To Forgive Divine

  • Members
  • 558 posts
  • Location:http://www.ultimatekayakfishing.com/
  • Interests:Kayakfishing, build and run web sites and forums.

Posted 30 December 2004 - 09:39 PM

I'm making a few assumptions so correct me when I'm wrong. :)

Assumption 1:

My website is hosted by a hosting company.

Assumption 2:

My M$SQL or mySQL database resides on a server on my network.

If the 2 assumptions are correct. What are security issues I have to look at. Do I need to put the sql server in a DMZ with an inside and outside Firewall? Can the sql server sit on my network behind the firewall and nothing betwen that and the users.

What would be the correct and safe way for data to move between the sql server and the web?
What would be the correct and safe way for data to move between 'my' users and the sql server. What are the issues when it comes to populating the tables with user input?

If there are any issues I didn't touch on or a better solution let me know.

Thank you
Nils

#2 r3d

r3d

    death

  • Members
  • 268 posts

Posted 31 December 2004 - 04:02 AM

if your using m$sql ms provide a security soln't for you, just check thier dev site.
for mySQl properly config of admin's priv and it's user. a power password for admin and a minimal privileges for your user, remove defualt accounts. for anti enjection good design of db, and secure code(server side code).

#3 NilsC

NilsC

    To Err Is Human, To Forgive Divine

  • Members
  • 558 posts
  • Location:http://www.ultimatekayakfishing.com/
  • Interests:Kayakfishing, build and run web sites and forums.

Posted 31 December 2004 - 03:47 PM

I'm going to get mySQL for home. Where I work we are using M$SQL but they are on production servers and I don't think they'll approve of me playing with that. Then again they wouldn't know that I did it until the next external audit / upgrade of the server.

Upgrades happen every 3 to 5 years so it's not to often.

Nils

#4 Hercco

Hercco

    Super Member

  • Members
  • 595 posts

Posted 03 January 2005 - 05:14 PM

MS SQL server is still stubbornly clinging on that fourth place in the SANS Top 20 Vulnerabilities list.

I have no actual knwoledge on security of the MySQL but database servers in general tend to be a bit risky. Keeping them in DMZ sounds like a good idea. Due to it's open sourcesness and high popularity MySQL should be way safer than MS SQL.



Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users