
Thread: Securing online database against leakage

  1. #1

    dee-u (Thread Starter, Software Carpenter) · Joined Feb 2005 · Pinas · 11,127 posts

    Securing online database against leakage

    How do we secure or at least minimize data breach of our databases if we have web apps? Do we have to encrypt all data of each column/row?
    Regards,



  2. #2
    jmcilhinney (Super Moderator) · Joined May 2005 · Sydney, Australia · 111,222 posts

    Re: Securing online database against leakage

    What exactly do you mean by "web apps"? If you have an application hosted on a web server and the user is accessing that via a browser then they can't see the database at all so there's nothing special required. The application is connecting to the database from inside the host's network so the only way someone could access data they shouldn't is if your application is badly written. This is why apps on phones and the like should access data via a web service rather than direct connection to the database. The web service provides the same layer of security as a web site does.

  3. #3

    dee-u (Thread Starter, Software Carpenter) · Joined Feb 2005 · Pinas · 11,127 posts

    Re: Securing online database against leakage

    Yes, applications hosted on a web server. In the past 2 years our website was defaced twice, and I do not know to what extent those hackers got into the web server, so I have this concern about the security of the database. Do I just trust the security of our host? It appears that if they can get into the database then they surely could also get into the source code and determine how to decrypt the data if we ever encrypt it.
    Regards,



  4. #4
    NeedSomeAnswers (Superbly Moderated) · Joined Jun 2002 · Manchester uk · 2,657 posts

    Re: Securing online database against leakage

    There are a number of web security standards that you can apply which can help. Take a look at the OWASP Top 10.

    https://www.owasp.org/index.php/Cate...op_Ten_Project

    A few other things to consider: is your website http or https? If you are not using https then you should be, as it encrypts your http traffic for you. You would need to purchase an SSL certificate, obviously.

    One thing JMC touched upon is web services. All my apps, both Web and Mobile, are split, with all database calls being in a web service, and the web app or mobile app is a different project which just makes web service calls.

    This gives you another layer of security. Firstly, it absolutely prevents SQL Injection as you're not making any SQL calls in your web page. It would completely separate your data from your website.

    Also, using things like token authentication in your web service, you can stop non-authorised users from making web service calls.

    I create web and mobile software that we sell to companies and that is hosted by them on their networks, and we not only have to follow security standards, we often get penetration tested on our applications, so we know taking these steps to secure your web apps, websites and web services works.
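The layering described in post #4, as an added example that is not part of the original thread: a data service that checks a signed token on every call and binds the caller's input as SQL parameters, so the web tier holds neither SQL text nor database credentials. The token format, key, table and function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import sqlite3
import time

# Constructed values: key and database exist only on the service host, never in the web tier.
SERVICE_KEY = b"constructed-demo-key-not-for-production"
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
db.executemany("INSERT INTO orders (owner, item) VALUES (?, ?)",
               [("alice", "keyboard"), ("alice", "mouse"), ("bob", "monitor")])


def _mac(payload):
    return hmac.new(SERVICE_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user, ttl=300):
    """Issued after login (assumed format): 'user|expiry|HMAC-SHA256(user|expiry)'."""
    payload = f"{user}|{int(time.time() + ttl)}"
    return f"{payload}|{_mac(payload)}"


def verify_token(token):
    """Return the user name for a valid, unexpired token, else None."""
    try:
        user, expiry, mac = token.split("|")
        expires_at = int(expiry)
    except (AttributeError, ValueError):
        return None  # not a string, wrong field count, or non-numeric expiry
    expected = _mac(f"{user}|{expiry}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):  # constant-time
        return None
    return user if expires_at >= time.time() else None


def search_orders(token, term):
    """Service endpoint: rejects unauthenticated callers, returns only the caller's rows."""
    user = verify_token(token)
    if user is None:
        raise PermissionError("invalid or expired token")
    # Bound parameters: 'term' is always treated as data, whatever the web tier forwards.
    rows = db.execute(
        "SELECT item FROM orders WHERE owner = ? AND item LIKE ? ORDER BY id",
        (user, f"%{term}%"))
    return [r[0] for r in rows]
```

The owner filter comes from the verified token rather than from a request field, so a caller cannot ask for another user's rows by changing a parameter.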


