What are the countermeasures against database attacks?

Home / Hacking, News, Security / What are the countermeasures against database attacks?

September 14, 2008 PlanetCreator 0 Comments 0 tags

The following are the countermeasures against database attacks:

* Input Sanitization: The Database Administrator must sanitize any input received from a user. The data submitted should be checked for data type (integer, string, and so on) and stripped of any undesirable characters, such as meta-characters.
* Adherence to strong firewall rules: Be sure to check firewall rules from time to time and always block any database access ports, such as TCP and UDP 1434 (MS SQL) and TCP 1521-1530 (Oracle).
* Modification of error reports: To avoid a SQL injection, the developer should handle or configure error reports in such a way that the error is not visible to outside users. In these error reports, a full query is sometimes shown, pointing to the syntax error involved, and the attacker could use it for further attacks. A display of errors should be restricted only to internal users.
* Stored procedure removal: Be sure to remove all stored procedures (including extended stored procedures) from the entire database. These seemingly innocent scripts can help an attacker topple even the most secure databases.
* Session encryption: When a database server is separate from a Web server, be sure to encrypt the session stream using any method, such as using IPSec native to Windows 2000.
* Least privilege: The default system account (sa) for SQL Server 2000 should never be used.
* Escape quotes: Replace all single quotes with two single quotes.

Explore More

DDoS Attack on Myanmar Takes the Country Offline

The main Internet provider for Myanmar, the southeast Asian nation formerly known as Burma, has been under severe denial of service attack since at least October 25, according to the

How to create botnet?

The tutorial includes how to install a ircd, how to compile a bot & ways to spread. “Chapters” 1. What is needed 2. How to configure an (unreal)ircd 3. How

Critical SQL Injection in People Magazine

PlanetCreator has reported another critical SQL Injection (vulnerability) onÂ People Magazine Online Website http://www.people.com.mm Powered by Inforithm-Maze. SQL injection is a code injection technique that exploits a security vulnerability occurring

[remote] Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
on April 4, 2025 at 12:00 am
Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
[remote] Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
on April 4, 2025 at 12:00 am
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
[remote] Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
on April 4, 2025 at 12:00 am
Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
[remote] Vite 6.2.2 - Arbitrary File Read
on April 3, 2025 at 12:00 am
Vite 6.2.2 - Arbitrary File Read
[webapps] ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
on April 3, 2025 at 12:00 am
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials