All Questions

257 questions with no upvoted or accepted answers

4 votes · 1 answer · 169 views

May multiplication operator cause SQL injection?

I am using Acunetix to perform part of a security audit on an incoming website. The application is mainly developed with PHP and MySQL. All user input is escaped, but some input (URL parameters ...

4 votes · 1 answer · 107 views

MySQL / Store MySQL Credentials

How can I store credentials for other MySQL servers in a MySQL database securely? I'm working on a project which requires that I connect to others' MySQL servers, but I don't know how to securely ...

4 votes · 1 answer · 1k views

Java data encryption/decryption

I have a spring-mvc stack that stores data in MySQL. Some of this data needs to be protected, so I am thinking I should encrypt it. Since I may need to use this data later (credit cards, SSN, other) ...

3 votes · 1 answer · 35 views

Universal user profile for subproject sites – securely transferring user data from main server

I have a site (A) for the main project with a user system (which is supposed to display all student competitions and academic events in my country for registered users). The site also enables users to ...

3 votes · 2 answers · 1k views

Java: how to store MySQL login details

Environment I have a java application that is going to need access to a mysql database to load and save data and the load/save cannot occur by writing to disk, so it has to be through the database. ...

3 votes · 1 answer · 81 views

MySQL Basic Privileges For Application User / Security

What is the basic recommended list of privileges that I must disable for a MySQL user (created for a web application) to make the application more secure? I mean privileges like FILE and maybe other ...

3 votes · 1 answer · 74 views

Prompt for password when mysql client reconnects

I am invoking mysql through the following : mysql -h localhost -u user -p db This will lead to the user being prompted to enter the password. However I have set the interactive_timeout to 60 secs....

3 votes · 3 answers · 290 views

php authentication/database code style

I'm wondering about the common practice of embedding things like hashing and encryption deep inside lower level code. Seems like it would be better to use some sort of object or macro convention so ...

3 votes · 3 answers · 471 views

correct method of testing for SQL Injections

Hello, I am developing a website and doing some penetration testing. It is built in CakePHP, who have made me aware that: CakePHP already protects you against SQL Injection if you use CakePHP's ORM ...

3 votes · 1 answer · 3k views

Why is disabling MySQL load local infile not working?

As part of security hardening, I am trying to disable local_infile and prevent someone from accessing local files of the operating system. As per the documentation I can disable it by either setting the ...

2 votes · 0 answers · 22 views

Trusting a shared mysql server exposed on the internet

I have the possibility to use a shared mysql server offered by a reliable Italian cloud provider (Aruba). The service satisfies my performance needs and would notably simplify my infrastructure. My ...

2 votes · 0 answers · 1k views

System.Security.Authentication.AuthenticationException(A call to SSPI failed)

Found many such posts on StackOverflow, but none solving this problem. We have been getting this exception for the last few months and are struggling to fix it. Only a few of the requests (around 10) per hour ...

2 votes · 0 answers · 1k views

Why is the MySQL connection refused for some servers?

In short, I have this issue: local server --> remote db server : Connected successfully other remote server --> remote db server : Connection refused The story: Because of my web hosting (...

2 votes · 1 answer · 816 views

PHP PDO Security Procedures for Simple Inserting into MySQL

I'm just starting to learn PHP (alongside SQL) and I've looked a lot into security measures. This website: https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet has helped me, although most of it ...

2 votes · 1 answer · 199 views

PHP - Secure user permissions with user profile

I'm currently building a website for myself. I'm looking to restrict certain aspects to the public so that when a user becomes a member they have "full" access. The plan is to have a members area (...

2 votes · 2 answers · 469 views

PHP Logging in and Handling Session Security

I'm working on a community page and I've looked at a lot of the things surrounding security with logging in, but I'm still confused with how to secure the session. The only thing I do after a ...

2 votes · 0 answers · 258 views

What privileges should I give my MySQL database user for my Flask application?

Is there a standard set of privileges that should be given to the user used to access a Flask SQLAlchemy database? For example, with application.config['SQLALCHEMY_DATABASE_URI'] = 'mysql://app@127.0....

2 votes · 1 answer · 699 views

Secure method for supporting partial string matching on an encrypted database field

I am writing a web application that uses PHP + MySQL. I know that both PHP and MySQL can perform data encryption. I have also read that encrypting the data at the PHP level is preferred in terms ...

2 votes · 1 answer · 56 views

Displaying a file in browser without revealing its location

I am currently working on a project which can best be described as an online PDF library. Users can log in and see a list of PDFs available. The user can click on one to 'check it out'; this then ...

2 votes · 3 answers · 3k views

Bootstrap HTML + MySQL PHP Form Security

I've made an HTML form using Bootstrap. I've used "required" to ensure data is populated in certain fields for the form to be submitted. This form goes to a PHP script that opens a database connection, ...

2 votes · 1 answer · 374 views

Storing values securely in MySQL database

I am creating a CakePHP web application. Obviously passwords are stored with a hash, but is there a way to securely store values of other fields that will be retrieved? I'm not talking anything as ...

2 votes · 0 answers · 365 views

I am using mysql dumper and I want to disable the database backups *.sql.gz from web

I am using the mysql dumper script from mysqldumper.net. There is a BasicAuth protection in the script itself which generates it, and as a result of it I have to use a username and password to log in to ...

2 votes · 1 answer · 128 views

Matching different columns sport and dport from mysql table

I have a table with UDP packets that are being stored for analysis. I want to search for packets that were not solicited by my server. For example, if I receive a UDP packet from source port 106 and ...

2 votes · 2 answers · 96 views

Mysql: Possible to force updating of a second column after updating the first?

I have a Mysql database that stores login data. The passwords and salts are saved as sha512 hashes. Now, should the value in the password column be changed, I would like to implement a condition that ...

2 votes · 0 answers · 611 views

Automatic Encryption and Decryption of Column in MySql

I wanted to encrypt and decrypt a column in a MySQL table based on the user logging in. Let's say when a normal user "John" logs in he should see that column encrypted, but when a super user "root" logs ...

2 votes · 1 answer · 1k views

Storing bank account numbers

I need to store bank account information (account numbers and routing numbers) in order to send them payment. What solution do you guys suggest to be able to store these securely? I really don't want ...

2 votes · 1 answer · 399 views

Sql Injection - Is the following open to attack?

I've recently started working at a company that was wide open to SQL injection attacks, as in they had next to no input sanitization at all. After pointing out the problem, I've been tasked with ...

1 vote · 0 answers · 43 views

Would like to prevent possible code Injection on legacy PHP web app

So our ancient web app manages to pass an annual code review with minimal red flags. One of those possible security risks was this function below that gets a user's session info. private function ...

1 vote · 1 answer · 88 views

Storing a JSON value: security threats using a WordPress plugin

I'm performing an audit against OWASP best practices; my goal is to identify all major security threats happening when I send the data from the frontend until it is saved in the database. Context: JSON ...

1 vote · 0 answers · 779 views

Specified file 'sql.txt' does not contain a usable HTTP request (with parameters)

Whenever I am using sqlmap -r sql.txt --dbms=MYSQL --dbs --batch the following result gets displayed: └─# sqlmap -r sql.txt --dbms=MYSQL --dbs --batch ...

1 vote · 0 answers · 27 views

MySQL TLS auto-generation exposes server IP

Is there any way to disable MySQL automatic TLS generation? CN=MySQL_Server_8.0.25_Auto_Generated_Server_Certificate CN=MySQL_Server_8.0.25_Auto_Generated_CA_Certificate If I check my website with ...

1 vote · 1 answer · 217 views

How can I prevent a user from sending so many POST requests to a PHP file

I have an HTML file that has a form inside. When this form is submitted, it sends a POST request to the PHP file. The PHP file creates a connection with the MySQL DB and updates a row inside it. The problem is ...

1 vote · 0 answers · 2k views

Can AWS RDS do column-level encryption out of the box?

We had an on-premises MySQL server which we wanted to move to the cloud. The obvious choice is an RDS instance of MySQL. At present we are using database-level encryption applied to a few of our sensitive data ...

1 vote · 2 answers · 112 views

How can I add security to a MySQL column addition generated by user input?

Using PHP 7 and MySQL 8. Having a new column generated by the end user isn't the best idea in the first place, but in this situation (and others where common PDO tactics aren't easily used), what is ...

1 vote · 0 answers · 35 views

A way to avoid storing a plain-text password in both session and database

Here is an idea I've got to store no plain-text password in either the session or SQL (even if needed in POST). Can you tell me what you think about this way to proceed? //The password entered by user ...

1 vote · 1 answer · 123 views

Can someone send form data from different host to my PHP script which inserts fetched data into MySQL? If so, how can we secure it?

I want to know if it's possible for someone to create an automation script to send some kind of random form data to my PHP script, which simply inserts received form data into the MySQL database? Will ...

1 vote · 0 answers · 238 views

Safely destroy (shred) MySQL database

I want to store sensitive data in a MySQL database for a while, so I'd like to know a way to delete a MySQL database without having a chance of recovery. In Linux, we have a tool named shred which ...

1 vote · 1 answer · 589 views

Should I use UUID or regular auto_increment for my userIDs?

I am building an application with a node.js backend in combination with MySQL. In the database, I have a table "users" which contains the information about a user. Currently, those have regular ids ...

1 vote · 0 answers · 266 views

Is mysql login path a secure way to access a database without a password? Are there alternatives?

I have a question regarding the mysql login path functionality. I'm looking for a way to host my databases on a server without having to type in the passwords every time I want to access one (which ...

1 vote · 0 answers · 43 views

Where to store task from a task list

I want to build a small Task-List Web-Application in Vanilla JS. Now I am wondering what is a good and safe way to store the tasks. Local Storage would be the easiest and fastest but, I guess, not ...

1 vote · 0 answers · 1k views

How to fix a "Deceptive-site-ahead" Chrome warning in my PHP website?

The following PHP code is working as it should be but showing a warning in Chrome that "Deceptive-site-ahead" as shown in the screenshot below. What changes are required to resolve the problem? I am ...

1 vote · 1 answer · 88 views

Login to mysql programmatically

I'm writing a C program and need to log in to a MySQL database. I'm trying to find a simple yet secure way of storing the username and password in the program. The program will make HTTPS calls to the ...

1 vote · 0 answers · 240 views

MySQL dump crashes unexpectedly with (secure) option --login-path

We have a script on a testing server for backing up the MySQL database from the production server; it has been working fine for a long time: mysqldump -h prod_server_ip -u user -ppswd --lock-tables=false ...

1 vote · 0 answers · 845 views

Key management in a microservice

We have a Dropwizard microservice which accesses a MySQL database. We currently store encrypted credentials for database access in a configuration file (env.properties) so that they can be changed at ...

1 vote · 1 answer · 258 views

Is a password necessary if MySQL only allows connections from localhost?

On a lot of public webpages hosted by people at their own homes, they use their own desktops as the webserver. Within this kind of setting I usually use a form of server-side language (like PHP) that ...

1 vote · 1 answer · 64 views

Can I use a token in headers in Swift to authorise a database connection?

I am looking to add some security to my app. My train of thought is: I add a token, base64LoginString to my app which is sent in the header of my connection/JSON request. Do I then need to also add ...

1 vote · 1 answer · 80 views

Why not have an identical cookie for different user's devices?

Here is my table structure: // users +----+--------+------------------------+------------------+-------------------------------+ | id | name | email | cookie | /* some ...

1 vote · 0 answers · 60 views

Avoid injection for MySQL explain tool

We are trying to develop a web tool to run the EXPLAIN command against our database. So even though the developers do not have permission to run queries directly, they could use the tool to run EXPLAIN to investigate ...

1 vote · 1 answer · 44 views

Can foreign key restrictions be a security benefit and/or risk?

If, when setting up foreign keys, you set the "delete" restrictions to "cascade" does it create an easier way for attackers to cause more widespread damage to your database? Contrastingly, does ...

1 vote · 1 answer · 712 views

Is there any other security/performance issue of XAMPP for production on windows server except those listed in official FAQ?

Usually I prefer using Linux CentOS / Ubuntu for a production server. However, currently I have a customer who doesn't want to pay extra for hosting. In return he provides a server running Windows Server ...