hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Security & SQL Server
Reply

Hosting Security and Technology Configuring and optimizing web hosting servers and operating systems, developing administration scripts, building servers, protecting against hackers, and general security (SSL certificates, etc.)
Forum Jump

Security & SQL Server

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 09-17-2004, 11:22 PM
kmkeen71 kmkeen71 is offline
Newbie
  
Join Date: Aug 2002
Location: New Jersey
Posts: 24

Security & SQL Server

Hi WHT Clan,

I have a question for the forum and am looking for advice.

My former partner is haveing serious hacking problems and this is impacting her software development. She is using SQL Servedr and she is attributing all of the problems to SQL. She says the more she reads up on it the more she realizes how easy it would be to hack into any SQL server that has input text boxes without validation.

My argument is that, yes it does have security issues (what Microsoft product doesn't) but is it really that easy. How secure is it? Should I stay away from it?

Alternate solutions?

Thanks & Best Regards,
Kyle

Reply With Quote


Sponsored Links
  #2  
Old 09-18-2004, 12:01 AM
Steven Steven is online now
I like ice cream
  
Join Date: Mar 2003
Location: California USA
Posts: 11,570
Depends on how its getting hacked, it could be getting hacked through weak logins such as sa/null. There is also a "sql hello" exploit for mssql.

__________________
Steven Ciaburri | Proactive Linux Server Management - Rack911.com | 1.855.RACK911
System Administration Extraordinaire

Managed Dedicated Servers, Linux Server Management, Disaster Recovery, Server Security Audits

Reply With Quote
  #3  
Old 09-18-2004, 12:16 AM
mattwade mattwade is offline
Web Hosting Evangelist
  
Join Date: Dec 2002
Posts: 508
Re: Security & SQL Server
Quote:
Originally posted by kmkeen71
She says the more she reads up on it the more she realizes how easy it would be to hack into any SQL server that has input text boxes without validation.
I think that can apply to just about any sql server. If data is not validated, SQL injection attacks can and will happen.

__________________
Matt Wade
Christian Web Hosting
http://codewalkers.com/ - Home of the PHP Coding Contest
http://phphosts.codewalkers.com/ - Directory of PHP Web Hosts. Free Listing.

Reply With Quote
Sponsored Links
  #4  
Old 09-20-2004, 10:08 PM
freebird freebird is offline
Newbie
  
Join Date: Sep 2004
Posts: 5
Re: Security & SQL Server

quote:
--------------------------------------------------------------------------------
Originally posted by kmkeen71
She says the more she reads up on it the more she realizes how easy it would be to hack into any SQL server that has input text boxes without validation.

--------------------------------------------------------------------------------
I think that can apply to just about any sql server. If data is not validated, SQL injection attacks can and will happen.
--------------------------------------------------------------------------------

I second that. Its the responsibility of the programmer to validate any data entered into forms.

Depending on the complexity of your application, you can probably rewrite your application using asp.net rather rapidly using well know tools such as dreamweaver or ms visual studio. The code produce by these tools take care of the validation. But thats just for asp.net, not classic asp.

Reply With Quote
Reply

Related posts from TheWhir.com
Title Type Date Posted
Web Host 1&1 Internet Adds Server Restoration Tool for Virtual Machines Web Hosting News 2012-11-07 15:45:16
Oracle is the Latest Vendor to Apply Patch for Apache Killer Flaw Web Hosting News 2011-09-19 14:43:58
Security Provider HostingArmor Releases Server Scanning cPanel Plugin Web Hosting News 2011-07-25 19:33:26
Security Firm CloudPassage Joins Rackspace Cloud Tools Program Web Hosting News 2011-06-20 20:42:55
CloudPassage Joins Cloud Security Alliance Web Hosting News 2011-06-09 20:58:30


« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:

US Attorney says Government Should Have Warrants to Search Email

8kMiles Acquires Cloud Security Firm FuGen Solutions for $7.5 Million

Name.com Resets Customer Passwords After Security Breach

Outbound Spam Causing Sleepless Nights?

Malwarebytes Launches Data Scan-and-Backup Service

Commtouch Report: Spam, Malware Continues to Increase in Q1 2013

Researchers Urge System Admins to Check for New Apache Web Server Backdoor Malware

APWG Study Finds Phishers Increasingly Target Shared Virtual Servers

Man Arrested in Connection to Spamhaus DDoS Attacks

Cisco Researcher Discovers Possible Exploit Vector for DarkLeech Attacks



 

Learn more about advertising opportunities across the iNET Interactive Network.

LiquidWeb
X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?