...

View Full Version : Protecting Your Database



listerdl
04-23-2011, 12:02 AM
Is there a way for someone to download your entire SQL database - or said another way, is it possible to protect it?

Just interest b/c we are spending a lot of time populating our db and I woudlnt like to think that there is some sort of harvester out there that hackers can execute....

thanks

Old Pedant
04-23-2011, 02:03 AM
They could only download it if:

-- they somehow got at least FTP access to your server (but if they do that, then they can download everything on the server)

-- you put the directory that contains the db files *inside* the directories that are accessible via HTML *and* allow at least read access to those files by the web server

In short, if you do something really foolish, you are hosed. Use reasonable and customary precautions and you are safe.

nobackseat88
04-23-2011, 07:00 AM
A database can be downloaded via SQL Injection too.

NBS

Old Pedant
04-23-2011, 08:10 AM
Hmmm...not sure how you would do that.

You could certainly issue a command via sql injection, but unless the web server is simply dumping out raw data with now formatting, etc., it would be hard to get any significant amount of data.

Still...it's a good point.

Could be mitigated a lot in various ways. I know some DB shops that only allow the web server user to utilize a certain set of stored procedures. It's pretty draconian, but it's certainly ultra-safe.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum