Welcome! Log In Create A New Profile

Advanced

Re: Block SQL Injection

April 20, 2011 09:38PM
On Wed, 2011-04-20 at 17:43 -0700, Payam Chychi wrote:
> Cliff Wells wrote:
> > On Thu, 2011-04-21 at 04:22 +0700, Joe wrote:
> >
> >> Put a daily backup on your databases. :)
> >>
> >
> > That doesn't really solve the issue. Once someone has compromised the
> > database, they can usually leverage that to gain wider system access.
> >
> > Cliff
> >
> >
> >
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > http://nginx.org/mailman/listinfo/nginx
> >
> >
> how does exploiting your db = wider system breach? sorry but that makes
> no sense

Easy. What data does your database store? Quite probably usernames and
passwords. A fundamental truth is that people often use the same
passwords for multiple services. If you can obtain the password for a
company's CMS or Webmail application, chances are you now have their
password for multiple services.

For a recent and well-publicized example of this type of intrusion,
Members of Anonymous hacked HBGary's database via a SQL-injection attack
on their CMS, which eventually led to compromised email accounts. They
then leveraged this to obtain more sensitive information via social
engineering (using a stolen email address to get ssh passwords).

http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars

> and ive been doing system/network security & networking for
> over 10 years.

Well, I've been doing it for 23 years, so give yourself a little more
time.

Regards,
Cliff



_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

Block SQL Injection

jacppe April 20, 2011 01:05PM

Re: Block SQL Injection

SplitIce April 20, 2011 01:26PM

Re: Block SQL Injection

Cliff Wells April 20, 2011 04:24PM

Re: Block SQL Injection

Ryan Malayter April 20, 2011 04:48PM

Re: Block SQL Injection

unclepieman April 20, 2011 05:10PM

Re: Block SQL Injection

Joe April 20, 2011 05:24PM

Re: Block SQL Injection

Cliff Wells April 20, 2011 06:12PM

Re: Block SQL Injection

unclepieman April 20, 2011 08:46PM

Re: Block SQL Injection

Cliff Wells April 20, 2011 09:38PM

Re: Block SQL Injection

unclepieman April 20, 2011 11:10PM

Re: Block SQL Injection

Cliff Wells April 20, 2011 11:32PM

Re: Block SQL Injection

edogawaconan April 20, 2011 11:42PM

Re: Block SQL Injection

Cliff Wells April 21, 2011 12:00AM

Re: Block SQL Injection

António P. P. Almeida April 20, 2011 05:44PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 112
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready