All Questions
34 questions
3 votes
1 answer
552 views
How to design a desktop application that has access to a database via LAN?
As part of a project for school I've been tasked with designing a secure application that should be able to upload and download files from a database. I have very little experience in the area of ...
1 vote
1 answer
168 views
Are there any benefits of encrypting columns with sensitive data in the AWS RDS that is encrypted at rest?
For example, I have an application that allows users to integrate with 3rd party apps. It stores API keys for those applications in AWS RDS as plain text (a pretty old functionality). From the security ...
3 votes
1 answer
2k views
Is SQL Injection possible in this case (REGEXP)?
I'm on a website which has a program; there is a search input for keywords. When I input & or < or > and search, it returns Got error 'empty (sub)expression' from regexp error and when I ...
3 votes
1 answer
198 views
Security concerns in disseminating database design?
I work for a government agency, and we've been requested via a freedom of information request for the layout of the tables of one of our systems, a data dictionary and schema design request. What are ...
2 votes
2 answers
431 views
How to address application database compromise
I recently came across a scenario in an assessment regarding IT security. I am new to this area and my knowledge is limited so I'm not sure if my answer to the scenario is suitable or not. Will really ...
3 votes
1 answer
434 views
Why is it better to encrypt data in an application server than in the database server?
This is when protecting sensitive data in an application. As given in the OWASP Top 10: A6 Sensitive Data Exposure.
1 vote
4 answers
237 views
Finding new software, checking their security history?
I work for a company and we are looking to sign up for a new database/check-in software. As such we have gone through many different software, ranging from basic to very intricate web technologies. ...
0 votes
1 answer
115 views
What more can I do to secure my service?
I run a multiplayer gaming service that provides a server list for clients and servers. At the moment it uses an SQLite database stored locally (which is insecure in itself). I am drawing up plans to ...
3 votes
2 answers
190 views
Prevent manipulation of password database
Given: A malicious user has gained (root) access to the server hosting an application's password database. Let's say the application is using a reliable password hashing mechanism like bcrypt and the ...
5 votes
5 answers
805 views
Obfuscating IDs for greater security in DB?
Original post: https://laracasts.com/discuss/channels/general-discussion/best-way-to-secure-healthcare-data-in-db I have a problem dealing with highly secure/sensitive (healthcare) data. I know about ...
0 votes
2 answers
137 views
Is authenticating via the database secure
Sorry for this probably noobish question. So far, I've read password comparison/verification is implicitly understood to be made on the application layer and not in the database. For example in PHP, ...
2 votes
3 answers
1k views
Validating Credentials - Logic in Application vs Database
I am studying Web Application Security, A Beginner's Guide Paperback – November 3, 2011 by Bryan Sullivan (Author), Vincent Liu (Author) On pp 69, "Validating Credentials", they say you can ...
-1 votes
1 answer
419 views
retrieve database data with application server? [closed]
retrieve database data with application server?
5 votes
1 answer
2k views
HIPAA: How am I required to secure PHI database access creds on my web server?
Assuming I have a database of PHI that my web application needs to access, how am I required to secure the credentials on the webserver that the web application uses to access this database? Is ...
34 votes
4 answers
7k views
Is it okay to reveal database's table names?
I'm developing a web application that uses a database. I have to do some operations which need database table names and the db table schema. Will it be secure if I send this kind of information to client ...