Database Security Cheat Sheet

Introduction

This cheat sheet provides guidance on securely configuring and using SQL and NoSQL databases. It is intended for application developers who are responsible for managing the databases themselves, in the absence of a dedicated database administrator (DBA). For details about protecting against SQL Injection attacks, see the SQL Injection Prevention Cheat Sheet.

The backend database used by the application should be isolated as much as possible, in order to prevent malicious or undesirable users from being able to connect to it. Exactly how this is achieved will depend on the system and network architecture. The following options could be used to protect it:

- Disabling network (TCP) access and requiring that all access is over a local socket file or named pipe.
- Configuring the database to bind only on localhost.
- Restricting access to the network port to specific hosts with firewall rules.
- Placing the database server in a separate DMZ, isolated from the application server.

Similar protection should be implemented for any web-based management tools used with the database, such as phpMyAdmin.

When an application is running on an untrusted system (such as a thick client), it should always connect to the backend through an API that can enforce appropriate access control and restrictions. Direct connections should never be made from a thick client to the backend database.

Most databases will allow unencrypted network connections in their default configurations.
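The first two isolation options above (disable TCP, or bind only on localhost) are a matter of a single server setting, and a quick audit of the config file catches the common mistake of leaving the listener on all interfaces. The following is an added example, not code from the cheat sheet: it parses constructed MySQL/MariaDB and PostgreSQL config fragments and reports whether the listener is exposed beyond loopback. The function names are hypothetical, and the sample fragments are constructed for illustration rather than taken from real servers.

```python
"""Audit MySQL/MariaDB and PostgreSQL listener settings (added example,
not part of the cheat sheet). Config fragments are constructed samples;
audit_mysql / audit_postgres are hypothetical helper names."""

# Constructed sample: my.cnf fragment that listens on every interface.
MYSQL_WEAK = """
[mysqld]
bind-address = 0.0.0.0   # reachable from any host that can route to the box
port = 3306
"""

# Constructed sample: hardened my.cnf; TCP disabled, socket file only.
MYSQL_HARDENED = """
[mysqld]
skip-networking
socket = /var/run/mysqld/mysqld.sock
"""

# Constructed sample: postgresql.conf that accepts TCP from all addresses.
PG_WEAK = """
listen_addresses = '*'
port = 5432
"""

# Constructed sample: hardened postgresql.conf, loopback only.
PG_HARDENED = """
listen_addresses = 'localhost'
port = 5432
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_settings(text):
    """Parse `key = value` and bare-flag lines into a dict.

    '#' comments and [section] headers are ignored. Keys are lower-cased and
    '_' is folded to '-' so skip_networking and skip-networking compare equal.
    Bare flags map to True; surrounding quotes on values are stripped.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("["):
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower().replace("_", "-")
        settings[key] = value.strip().strip("'\"") if sep else True
    return settings


def audit_mysql(conf):
    """Findings for a [mysqld] fragment; empty list means socket-only or loopback."""
    s = parse_settings(conf)
    if "skip-networking" in s:
        return []  # TCP listener disabled: only the socket file / named pipe is usable
    addr = s.get("bind-address")
    if addr is None:
        # MySQL 8 defaults bind_address to '*', i.e. every interface
        return ["bind-address not set: server default listens on all interfaces"]
    if addr not in LOOPBACK:
        return [f"bind-address={addr}: listener reachable from the network"]
    return []


def audit_postgres(conf):
    """Findings for a postgresql.conf fragment; empty list means socket-only or loopback."""
    s = parse_settings(conf)
    addr = s.get("listen-addresses", "localhost")  # PostgreSQL's own default
    if addr == "":
        return []  # '' disables TCP entirely: Unix-domain socket only
    findings = []
    for a in (x.strip() for x in addr.split(",")):
        if a not in LOOPBACK:
            findings.append(f"listen_addresses includes {a!r}: listener reachable from the network")
    return findings


if __name__ == "__main__":
    for name, fn, conf in [("mysql-weak", audit_mysql, MYSQL_WEAK),
                           ("mysql-hardened", audit_mysql, MYSQL_HARDENED),
                           ("pg-weak", audit_postgres, PG_WEAK),
                           ("pg-hardened", audit_postgres, PG_HARDENED)]:
        print(name, fn(conf) or "OK")
```

A non-loopback address is flagged even when it is a single private IP, because a listener on 10.x or 192.168.x is still reachable from the network and only acceptable together with the third option above, host-restricting firewall rules.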