Security Basics mailing list archives

Re: Secure Login Form


From: "Joe Yong" <justasqlguy () gmail com>
Date: Sat, 19 Jan 2008 17:15:24 -0800

If you're going to use a database, google "SQL Injection" and learn it
well. Related to the subject is multi-layered security.

Your system is at far greater risk of compromise from this than brute
force or man-in-the-middle attacks.

Why bother with the hard work of trying to crack strongly encrypted
passwords when the intruder can instruct your database to do its
bidding?

If your DB is set up with anything beyond minimum required privileges
on the machine it's running on (e.g. running under a high privilege
account), that helps the intruder get to the rest of your network much
faster.

Doesn't really matter what OS or DB you're running. The same rules apply.
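Added illustration, not part of Joe Yong's message: the login lookup written both ways (string-built SQL beside a parameterized query) together with the least-privilege point, in Python with sqlite3. The account names, passwords and file path are constructed for the example, and a read-only connection stands in for a minimally privileged database account.

```python
import hashlib
import hmac
import os
import sqlite3
import tempfile

USERS = [("alice", "correct horse"), ("o'brien", "battery staple")]  # constructed sample accounts
def pw_hash(password, salt):
    # Salted PBKDF2 so the table never holds cleartext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
def make_db(path):
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    rows = [(n, s, pw_hash(p, s)) for n, p in USERS for s in [os.urandom(16)]]
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", rows)
    conn.commit()
    conn.close()
def open_readonly(path):
    # Least privilege: the login path gets a connection that cannot write.
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)
def verify(row, password):
    # Constant-time comparison against the stored salted hash; unknown user -> False.
    return row is not None and hmac.compare_digest(pw_hash(password, row[0]), row[1])
def login_concat(conn, name, password):
    # VULNERABLE: the username is spliced into the SQL text, so a quote in it is parsed as SQL.
    sql = f"SELECT salt, hash FROM users WHERE name = '{name}'"
    return verify(conn.execute(sql).fetchone(), password)
def login_param(conn, name, password):
    # SAFE: the driver binds the username as data; it is never parsed as SQL.
    sql = "SELECT salt, hash FROM users WHERE name = ?"
    return verify(conn.execute(sql, (name,)).fetchone(), password)
def raises_db_error(fn):
    try:
        fn()
    except sqlite3.OperationalError:
        return True
    return False
def demo():
    path = os.path.join(tempfile.mkdtemp(), "users.db")
    make_db(path)
    ro = open_readonly(path)
    return {
        "param_obrien": login_param(ro, "o'brien", "battery staple"),
        "param_wrong_pw": login_param(ro, "alice", "wrong"),
        "concat_alice": login_concat(ro, "alice", "correct horse"),
        # a legitimate apostrophe breaks the query: the name was parsed as SQL
        "concat_obrien_errors": raises_db_error(lambda: login_concat(ro, "o'brien", "x")),
        # even a compromised login path cannot modify the read-only database
        "write_blocked": raises_db_error(lambda: ro.execute("DELETE FROM users")),
    }
```

The syntax error on a perfectly ordinary name is the tell: if user input can break the query, it can also rewrite it, and the read-only connection limits what that rewrite can reach.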

