  1. #1
    Regular Coder
    Join Date
    Mar 2011
    Posts
    164
    Thanks
    7
    Thanked 0 Times in 0 Posts

    Protecting Your Database

    Is there a way for someone to download your entire SQL database - or said another way, is it possible to protect it?

    Just interested b/c we are spending a lot of time populating our db and I wouldn't like to think that there is some sort of harvester out there that hackers can execute....

    thanks

  • #2
    Supreme Master coder! Old Pedant
    Join Date
    Feb 2009
    Posts
    25,965
    Thanks
    79
    Thanked 4,429 Times in 4,394 Posts
    They could only download it if:

    -- they somehow got at least FTP access to your server (but if they do that, then they can download everything on the server)

    -- you put the directory that contains the db files *inside* the directories that are accessible via HTML *and* allow at least read access to those files by the web server

    In short, if you do something really foolish, you are hosed. Use reasonable and customary precautions and you are safe.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #3
    Regular Coder
    Join Date
    Dec 2007
    Posts
    145
    Thanks
    5
    Thanked 5 Times in 5 Posts
    A database can be downloaded via SQL Injection too.

    NBS

  • #4
    Supreme Master coder! Old Pedant
    Join Date
    Feb 2009
    Posts
    25,965
    Thanks
    79
    Thanked 4,429 Times in 4,394 Posts
    Hmmm...not sure how you would do that.

    You could certainly issue a command via sql injection, but unless the web server is simply dumping out raw data with no formatting, etc., it would be hard to get any significant amount of data.

    Still...it's a good point.

    Could be mitigated a lot in various ways. I know some DB shops that only allow the web server user to utilize a certain set of stored procedures. It's pretty draconian, but it's certainly ultra-safe.


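The restriction mentioned in post #4, where the web server's database user may only run a fixed set of stored procedures, shown here as an added example that is not code from anyone in the thread. It assumes MySQL 5.7 or later run from the `mysql` client as an administrator; the database, table, account and procedure names and the passwords are hypothetical placeholders.

```sql
-- Added example. All names below (shop, products, proc_owner, webapp,
-- get_product) are assumptions made for illustration.
CREATE DATABASE IF NOT EXISTS shop;
USE shop;

CREATE TABLE IF NOT EXISTS products (
    id    INT UNSIGNED  PRIMARY KEY,
    name  VARCHAR(100)  NOT NULL,
    price DECIMAL(10,2) NOT NULL
);

-- Locked account that owns the procedure. Nobody can log in as it, and it
-- holds only the privilege the procedure body needs.
CREATE USER 'proc_owner'@'localhost'
    IDENTIFIED BY 'PLACEHOLDER_owner_password' ACCOUNT LOCK;
GRANT SELECT ON shop.products TO 'proc_owner'@'localhost';

-- The only read path the web application gets: one row, looked up by key.
-- The parameter is typed, so it is never parsed as SQL text.
DELIMITER //
CREATE DEFINER = 'proc_owner'@'localhost'
PROCEDURE get_product(IN p_id INT UNSIGNED)
    READS SQL DATA
    SQL SECURITY DEFINER
BEGIN
    SELECT id, name, price FROM products WHERE id = p_id;
END//
DELIMITER ;

-- Account the web server connects with: no table privileges at all,
-- only EXECUTE on the listed procedure.
CREATE USER 'webapp'@'localhost'
    IDENTIFIED BY 'PLACEHOLDER_webapp_password';
GRANT EXECUTE ON PROCEDURE shop.get_product TO 'webapp'@'localhost';

-- Check the result: the list should show USAGE plus the single EXECUTE grant.
SHOW GRANTS FOR 'webapp'@'localhost';

-- Connected as webapp:
--   CALL shop.get_product(1);      -- allowed
--   SELECT * FROM shop.products;   -- rejected, the account has no SELECT privilege
```

With this setup a statement injected through the web application still runs as `webapp`, so it cannot read the tables directly; it is limited to what the granted procedures return.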