Click here to Skip to main content
15,860,972 members
Home / Discussions / Database
   

Database

 
GeneralRe: Any good tool (free) for DB Schema? Pin
Sandeep Mewara14-Aug-20 3:39
mveSandeep Mewara14-Aug-20 3:39 
QuestionMS SQL Database Breach Pin
Otekpo Emmanuel13-Aug-20 4:03
Otekpo Emmanuel13-Aug-20 4:03 
AnswerRe: MS SQL Database Bridge Pin
Richard MacCutchan13-Aug-20 4:14
mveRichard MacCutchan13-Aug-20 4:14 
GeneralRe: MS SQL Database Bridge Pin
Otekpo Emmanuel13-Aug-20 5:02
Otekpo Emmanuel13-Aug-20 5:02 
AnswerRe: MS SQL Database Bridge Pin
Richard Deeming13-Aug-20 4:18
mveRichard Deeming13-Aug-20 4:18 
GeneralRe: MS SQL Database Bridge Pin
Otekpo Emmanuel13-Aug-20 5:01
Otekpo Emmanuel13-Aug-20 5:01 
GeneralRe: MS SQL Database Bridge Pin
Otekpo Emmanuel14-Aug-20 5:19
Otekpo Emmanuel14-Aug-20 5:19 
GeneralRe: MS SQL Database Bridge Pin
Richard Deeming14-Aug-20 5:38
mveRichard Deeming14-Aug-20 5:38 
Otekpo Emmanuel wrote:
Will it be possible for attacker to select all table names from my database without having idea of the database name or anything related using the browser address bar or any input field of my site? If yes, how can I prevent this?

Yes, if your code is vulnerable to SQL Injection[^], an attacker can still dump your entire database.

Blind SQL Injection | OWASP[^]
Hacking is child's play - SQL injection with Havij by 3 year old[^]

The fix is to always use properly parameterized queries, and never concatenate values into the query itself - especially if those values could potentially be controlled or manipulated by the user.


Otekpo Emmanuel wrote:
My question is, can a routed url i.e www.mysite.com/user/0683 be manipulated?

Assuming the number is a sequential ID for your users, an attacker could try changing it to see if that can access information for other users. This is known as an Insecure Direct Object Reference (IDOR). If your code doesn't validate the user's permissions, this can lead to a security vulnerability.

Insecure Direct Object Reference Prevention - OWASP Cheat Sheet Series[^]

The fix is to always validate that the currently authenticated user has permission to access the data they are requesting.



"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer

GeneralRe: MS SQL Database Bridge Pin
Otekpo Emmanuel14-Aug-20 5:56
Otekpo Emmanuel14-Aug-20 5:56 
QuestionAws lamda Pin
Member 1490095628-Jul-20 2:16
Member 1490095628-Jul-20 2:16 
AnswerRe: Aws lamda Pin
CHill604-Aug-20 3:02
mveCHill604-Aug-20 3:02 
AnswerRe: Aws lamda Pin
MichaelFern15-Sep-20 2:19
MichaelFern15-Sep-20 2:19 
QuestionNeed a script, SDF or UDF for checking the following conditions and make IF Else in a stored procedure SQL Server Pin
simpledeveloper21-Jul-20 9:45
simpledeveloper21-Jul-20 9:45 
AnswerRe: Need a script, SDF or UDF for checking the following conditions and make IF Else in a stored procedure SQL Server Pin
Richard MacCutchan21-Jul-20 10:28
mveRichard MacCutchan21-Jul-20 10:28 
GeneralRe: Need a script, SDF or UDF for checking the following conditions and make IF Else in a stored procedure SQL Server Pin
simpledeveloper21-Jul-20 11:57
simpledeveloper21-Jul-20 11:57 
GeneralRe: Need a script, SDF or UDF for checking the following conditions and make IF Else in a stored procedure SQL Server Pin
Richard MacCutchan21-Jul-20 21:30
mveRichard MacCutchan21-Jul-20 21:30 
AnswerRe: Need a script, SDF or UDF for checking the following conditions and make IF Else in a stored procedure SQL Server Pin
Eddy Vluggen21-Jul-20 10:35
professionalEddy Vluggen21-Jul-20 10:35 
AnswerRe: Need a script, SDF or UDF for checking the following conditions and make IF Else in a stored procedure SQL Server Pin
W Balboos, GHB21-Jul-20 11:01
W Balboos, GHB21-Jul-20 11:01 
AnswerRe: Need a script, SDF or UDF for checking the following conditions and make IF Else in a stored procedure SQL Server Pin
Richard Deeming21-Jul-20 23:25
mveRichard Deeming21-Jul-20 23:25 
QuestionHow to optimize Hash Match aggregation in SQL Server execution plan Pin
kali siddhu17-Jul-20 0:38
kali siddhu17-Jul-20 0:38 
AnswerRe: How to optimize Hash Match aggregation in SQL Server execution plan Pin
Eddy Vluggen21-Jul-20 10:44
professionalEddy Vluggen21-Jul-20 10:44 
QuestionDead lock issue with Update and delete statement on the same table Pin
kali siddhu14-Jul-20 23:37
kali siddhu14-Jul-20 23:37 
AnswerRe: Dead lock issue with Update and delete statement on the same table Pin
David Mujica15-Jul-20 10:57
David Mujica15-Jul-20 10:57 
GeneralRe: Dead lock issue with Update and delete statement on the same table Pin
kali siddhu15-Jul-20 23:33
kali siddhu15-Jul-20 23:33 
QuestionIs there any alternative for Trigger After Insert Pin
simpledeveloper13-Jul-20 17:56
simpledeveloper13-Jul-20 17:56 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.