security's questions - English 1answer

801 security questions.

I am developing a REST AOI backed by PostgreSQL. Users of the API must pass a session token in the Authorization header. For example: Authorization: Bearer fcda6eca-71c4-456c-a4df-4e398b11fa00 This ...

I have a server which runs third party software (called Visualcut) to email Crystal Reports to our users. When I log onto the Visualcut Server, I can open the software and then preview a report. This ...

I've been reading up on application roles in Microsoft SQL server. It seems an application role is like any other role in that permissions on securables can be granted to an application role, however, ...

PostgresSQL 10.4 is our backend database for a consumer-facing app with millions of users. When implementing row-level security so each user can only access their own data, is it best practice to use ...

If we configured IP restriction to allow only internal network, then why we need threat detection? IP restriction already blocks connections from other resources. Moreover, advanced threat detection ...

There are some rows in the result of sp_who2 which their Login column value is null (see image below) while the login_name column of sys.dm_exec_sessions is not blank and this sometimes happens ...

I have the opportunity of a small scale contract to design a database system for a small business, and I am unsure how to proceed. I have created Databases in Access & MySQL but only after IT ...

What permissions should I use for Active Directory groups to be able to deploy and then run/schedule their own jobs only? For example, I have 3 folders in the Integration Services catalog. Dept_A, ...

We are using SQL Server 2016 and want to use the Force Encryption option. From what I read, is it just installing the certificate on the Server itself and then setting the ForceEncyption to "Yes"? ...

i was looking for a way to make MySQL Enterprise Edition to send SNMP trap with audit log information. I've enabled the audit_log module and I've added some rules (for example i've decided to log ...

We are in the process of selectively encrypting connections to our SQL server using TLS1.2. We have few applications which are not configured for encryption yet (and are in the process)and hence will ...

If view 1 uses tables A and B, and a user has SELECT granted on view 1 is that sufficient for the user to select from view 1 or does he also need SELECT granted on tables A and B. Specific details on ...

There is a specific need to clean up logins from the SQL Servers after migration from one domain say abc to new domain foo. After migration as we still have those old logins and users under naming of ...

What is the SQL Server method of safe-quoting identifiers for dynamic sql generation. MySQL has quote_identifier PostgreSQL has quote_ident How do I ensure given a dynamically generated column name ...

I am considering moving most of my Databases to Azure SQL server Database, but I am concerned that Microsoft will be able to snoop and look at the data inside the database, which is absolutely not ...

We're using Visual Studio 15.7.2 and using SSIS on SQL 2017 (14.0.3029.16). We built a connection manager to a 3rd-party, vendor managed SQL Server 2008 R2 (10.50.6529.0). Our only allowed ...

I'm using SQL Server 2016 for these tests. The following did not allow me to create a table in schema S for user U USE [D]; GRANT CONTROL ON SCHEMA :: [S] TO [U]; But this did: USE [D] GRANT ALTER ...

is there a way to secure a mysql-server so no one can reset a password via --init-file-startup? there should only be a: "root" user (password not known to anyone else than person a) "system" user (...

I am working on some data access restriction feature in Oracle 11g and have been struggling since then. What I want to achieve is, that I want to allow a specific group only to access a particular ...

I've got a table structure where A has records with an owner ID, B links to A, and C links to B. I want to restrict access to rows in C by the ownerId, which is set as a setting on the session in the ...

For a system with sensitive information stored in a PostgreSQL 9.5 database, in which data stored in a table that is deleted must be securely deleted (like shred does to files), and where the system ...

Till today i am using the linked server with the user of sql having same username and password in both the servers. For now on i can not keep the 2 servers password same for some reason and i still ...

I would like to know is there any update about protecting DB Structure? We deliver a licensed app that uses SQL as its main DBMS and we would like to lock the database structure (schema). I know I ...

I have 10 databases on a server. Each database is part of a different AG. Each database has its own listener. Can I hide all databases and show only the one database belonging to a listener? I also do ...

So, I've been trying to solve the blue icon question mark on my sql server in SQL Server Management Studio by following the answer in the following link: Blue icon with question mark - what does it ...

I am evaluating best database solution for a sizeable application. My basic requirements include: Data should be encrypted at disk level Mobile support Scalable Enterprise support I realized ...

Let's say we have a fully encrypted database (the type of encryption is not considered in this scenario), and we produce two backups for that database. If I encrypt only one of the backups, would ...

I have some instances were some of the BI teams can create their own schduled jobs in the sql agent. However i also have a couple house keeping jobs i don't want them to interfere with. Can I create ...

Due to GDPR, we are seeking software to help identify malicious activity or data breaches from our production SQL Server. It seems if we were using Azure, this is a flick of a switch. What is ...

I have an AD group that is setup as a Windows Authenticated SQL Login on my SQL Server. On DatabaseA it has the db_datareader and public roles. So the users of this AD group only have read access to ...

I'm having some friction when it comes to showplan permission security. Say there are 5 databases on a server. And each one has a test/ production split (so 10 total). There is one sysadmin. There ...

As the Title suggest, is there a way to check what IP used a particular SQL Script? The scenario is, there is a recreation script in a email and we hypothesize that somehow, that recreation script ...

I have an odd encryption and decryption problem. Encryption worked fine in SQL 2008 R2, we were using TRIPLE_DES_3KEY. This has been deprecated in SQL 2016, so we were are testing out AES_256. My ...

We are getting the above error on a SQL 2012 server running Windows Server 2008R2 when connecting using an application and a service account. The server also has Config Manager database and GAP policy ...

Is it true that stored procedures prevent SQL injection attacks against PostgreSQL databases? I did a little research and found out that SQL Server, Oracle and MySQL are not safe against SQL injection ...

I'm building a shared hosting SQL Server tool for linux, where users only receive access to their own database, with a SQL Login and SQL Database User that has db_datareader, db_datawriter and ...

Since 9.2, it's been possible to use the security_barrier attribute to guard against maliciously-chosen functions and operators accessing data 'hidden' behind filters in views (full info in the ...

I am in the process of building a new environment for my company's Customer Relationship Management (CRM) system. This system is a commercially available product which uses SQL Server as its back end ...

I'm building an application that is attached to a legacy application database. The application has it's own database that is on the same server as the legacy database. My application is ASP.NET and ...

I'm setting up a new server using MariaDB (current stable version of 10.3) and I notice that all of my users - mainly root and debian-sys-maint - do not have an authentication_string after the ...

I'm redesigning security setup in our database. I was in process of defining certain user-defined roles and - as I find it handy - on the other monitor I was browsing documentation to make sure I don'...

I want to enable audit trail for specific user, but only for sessions when this user connect to database using one specific module applications. For ex. I want to enable audit trail for user test1 ...

The MariaDB knowledge base article for the command mysql_secure_installation states that mysql_secure_installation accepts some options: basedir defaults-extra-file defaults-file no-defaults No ...

I intend to be using a UNIQUEIDENTIFIER as an access key that users can use to access certain data. The key will act as a password in that sense. I need to generate multiple such identifiers as part ...

The security folks want all AD passwords to expire every three months. I'm really not excited about this, since I definitely won't remember, and I'll likely be on my boat, drunk, when they expire. ...

I can not log in to SQL Server 2008 using SQL Server authentication. I can only log in using Windows Authentication Mode. I chose only defaults while installing SQL Server 2008 R2.

I'm implementing a new feature which requires data from databases on multiple servers. I just need to union data from all these servers and sort it. The two options that come to mind are: Use linked ...

I have been working on a solution to synchronise logins (using T-SQL) between 2 servers, or between AlwaysOn nodes, inspired by sqlsoldier. It requires a linked Server. When run, this procedure ...

I have been working on a solution to synchronise logins (using T-SQL) between 2 servers, or between AlwaysOn nodes, inspired by sqlsoldier. It requires a linked Server. this is a partial view of the ...

I have a database that will be shared across multiple related types of applications for different users. I want to be able to restrict each database user to essentially have full control over their ...

Related tags

Hot questions

Language

Popular Tags