xisto Community
NilsC

MS-SQL or MySQL: What Are the Security Concerns

I'm making a few assumptions so correct me when I'm wrong. :)

Assumption 1: My website is hosted by a hosting company.

Assumption 2: My M$SQL or mySQL database resides on a server on my network.

If the 2 assumptions are correct, what are the security issues I have to look at? Do I need to put the sql server in a DMZ with an inside and outside firewall? Can the sql server sit on my network behind the firewall and nothing between that and the users?

What would be the correct and safe way for data to move between the sql server and the web?

What would be the correct and safe way for data to move between 'my' users and the sql server? What are the issues when it comes to populating the tables with user input?

If there are any issues I didn't touch on or a better solution let me know.

Thank you

Nils


If you're using M$SQL, MS provides a security solution for you; just check their dev site. For MySQL: proper configuration of the admin's privileges and its users, a powerful password for admin and minimal privileges for your user, and remove default accounts. For anti-injection: good design of the DB, and secure code (server-side code).

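An added example (not code from any poster in this thread) of the "secure server-side code" point in the reply above, applied to the question about populating tables with user input: the same insert written by string splicing and with bound parameters. It uses Python's built-in `sqlite3` as a stand-in for MySQL or MS SQL; the table, function names and sample input are constructed for illustration.

```python
import sqlite3

# Constructed sample input: a comment body that closes the string literal early.
HOSTILE_BODY = "hi', 1) --"


def make_db():
    # Assumption: in-memory SQLite stands in for the MySQL / MS SQL server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT, approved INTEGER)")
    return db


def insert_unsafe(db, author, body):
    # Vulnerable form: user input is spliced into the SQL text itself.
    db.execute(
        "INSERT INTO comments (author, body, approved) "
        "VALUES ('%s', '%s', 0)" % (author, body)
    )


def insert_safe(db, author, body):
    # Hardened form: validate lengths, then bind the values as parameters so
    # the driver never parses them as SQL.
    if not (0 < len(author) <= 64 and 0 < len(body) <= 2000):
        raise ValueError("field length out of range")
    db.execute(
        "INSERT INTO comments (author, body, approved) VALUES (?, ?, 0)",
        (author, body),
    )


def demo():
    db = make_db()
    insert_unsafe(db, "nils", HOSTILE_BODY)   # input rewrites the statement
    insert_safe(db, "nils", HOSTILE_BODY)     # same input stored as plain text
    insert_safe(db, "O'Brien", "hello")       # apostrophes need no escaping
    try:
        insert_unsafe(db, "O'Brien", "hello")  # honest input breaks the query
        broke = False
    except sqlite3.OperationalError:
        broke = True
    rows = db.execute("SELECT author, body, approved FROM comments ORDER BY rowid")
    return rows.fetchall(), broke


if __name__ == "__main__":
    print(demo())
```

In the first row the `approved` flag was set by the submitted text, not by the application; the bound-parameter rows keep it at 0. MySQL and MS SQL drivers offer the same binding mechanism with their own placeholder syntax.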

I'm going to get mySQL for home. Where I work we are using M$SQL but they are on production servers and I don't think they'll approve of me playing with that. Then again they wouldn't know that I did it until the next external audit / upgrade of the server. Upgrades happen every 3 to 5 years so it's not too often.

Nils


MS SQL server is still stubbornly clinging on that fourth place in the SANS Top 20 Vulnerabilities list.

I have no actual knowledge on the security of MySQL but database servers in general tend to be a bit risky. Keeping them in a DMZ sounds like a good idea. Due to its open-sourceness and high popularity MySQL should be way safer than MS SQL.