insert into product_profile(product, userid, attribute, char_value)
values('SQL*Plus', 'SCOTT', 'UPDATE', 'DISABLED');
and later sign on as scott, then any attempt to perform an update through
SQL*Plus will result in the following error message:
SP2-0544: invalid command: update
This type of application security functionality is useful, but unfortunately PRODUCT_PROFILE only works for SQL*Plus (and even then it has many limitations and too many ways to get around it). If you need this type of capability (either as a control measure or to be in compliance with a set policy), you will have to use a SQL firewall.
The final technique that can help you in addressing the clear text password vulnerability is to transfer ownership of authentication away from the database. As an example, using Windows authentication rather than mixed authentication in SQL Server usually means better password management. If you use LDAP to store all of your usernames and passwords, and if the LDAP server is used for authentication by both the application server and the database server, then it is more likely that passwords are not kept in configuration files. Because all major database platforms support these authentication models (and actually recommend them), you should evaluate whether using such techniques is right for you. Note that while a merged authentication model creates a more secure environment, it sometimes only alters the point of vulnerability (e.g., you should review where the username and password used to access the LDAP server are being stored). Also note that these techniques can be used in tandem with monitoring an access baseline and/or enforcing an access policy implemented by using a SQL firewall.
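The access-policy enforcement the paragraph above describes (a SQL firewall or baseline monitor deciding which statement types a given user may issue from a given client program) can be sketched as a small policy checker. The following is an added example written for this chapter, not code from the book or from any SQL firewall product; the access records, the policy table and the program names are constructed for illustration. It classifies each statement by every SQL verb it contains rather than only by its first keyword, which is why, unlike the PRODUCT_PROFILE approach, it still flags an UPDATE that arrives wrapped in an anonymous block.

```python
import re

# Constructed sample of database access records (user, client program, SQL text).
# These are made-up records for the example, not taken from any real system.
SAMPLE_RECORDS = [
    {"user": "SCOTT", "program": "SQL*Plus",
     "sql": "select * from emp where deptno = 10"},
    {"user": "SCOTT", "program": "SQL*Plus",
     "sql": "UPDATE emp SET sal = sal * 2 WHERE empno = 7369"},
    {"user": "SCOTT", "program": "JDBC Thin Client",
     "sql": "update emp set sal = 1000 where empno = 7369"},
    {"user": "APPUSER", "program": "JDBC Thin Client",
     "sql": "update emp set sal = 1000 where empno = 7369"},
    {"user": "SCOTT", "program": "SQL*Plus",
     "sql": "  /* nightly fix */ begin update emp set sal = 0; end;"},
]

# Hypothetical policy table: for each user, which statement verbs are allowed
# from which client program. Anything not listed is denied (default deny).
POLICY = {
    "SCOTT": {"SQL*Plus": {"SELECT"}, "JDBC Thin Client": {"SELECT"}},
    "APPUSER": {"JDBC Thin Client": {"SELECT", "INSERT", "UPDATE", "DELETE"}},
}

# Verbs the checker cares about; column or table names that merely contain
# one of these words (e.g. delete_flag) are not matched because they are
# tokenized as a single longer identifier.
VERBS = {"SELECT", "INSERT", "UPDATE", "DELETE", "MERGE",
         "CREATE", "ALTER", "DROP", "GRANT", "TRUNCATE"}


def statement_verbs(sql):
    """Return the set of SQL verbs appearing anywhere in the statement.

    Comments are stripped first so a verb hidden in a comment is neither
    counted nor able to mask a real one. Every token is examined, not just the
    first, so a DML statement inside a begin/end block is still classified.
    """
    text = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)   # block comments
    text = re.sub(r"--[^\n]*", " ", text)               # line comments
    tokens = re.findall(r"[A-Za-z_]+", text.upper())
    return {t for t in tokens if t in VERBS}


def check_record(record, policy=POLICY):
    """Return (user, program, verb) tuples for every verb the policy forbids."""
    allowed = policy.get(record["user"], {}).get(record["program"], set())
    return [(record["user"], record["program"], verb)
            for verb in sorted(statement_verbs(record["sql"]))
            if verb not in allowed]


def audit(records, policy=POLICY):
    """Run every record through the policy and collect all violations in order."""
    violations = []
    for record in records:
        violations.extend(check_record(record, policy))
    return violations


if __name__ == "__main__":
    for user, program, verb in audit(SAMPLE_RECORDS):
        print(f"policy violation: {user} issued {verb} from {program}")
```

Run against the constructed records it reports three violations, all for SCOTT: the plain UPDATE from SQL*Plus, the UPDATE from the JDBC client, and the UPDATE inside the begin/end block. The same logic applied to a live access baseline is what lets a SQL firewall enforce a policy that PRODUCT_PROFILE cannot, because it judges the statement's content rather than the client's command line.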
5.2 Obfuscate application code
Another application vulnerability category that is common in some of today's application environments results from the fact that application code is often too exposed. Depending on the programming language used to develop the application, a hacker can sometimes extract source code to discover what and how the application is accessing the database. This can be effective in launching a database attack—directly or through the application, as you will see in Section 5.3.