Questions tagged [database-security]

218 questions
626 votes, 9 answers

What is the difference between Integrated Security = True and Integrated Security = SSPI?

I have two apps that use Integrated Security. One assigns Integrated Security = true in the connection string, and the other sets Integrated Security = SSPI. What is the difference between SSPI and true in the context of Integrated Security?
JD.
16 votes, 1 answer

SECURITY DEFINER - privileges of the function's creator, or owner?

Postgres's official docs indicate that functions defined with SECURITY DEFINER run with privileges of the user who created it. However other sources, such as here and here, claim it is the privileges of the owner of the function. Which is…
ExactaBox
11 votes, 2 answers

Is it possible to get "NT AUTHORITY\NETWORK SERVICE" user independent of language?

I have encountered today a problem that I have never faced before. I have developed an application that uses SQL Server database. That application has a Windows Service that accesses the database. Since the Windows Service uses Network Service as…
11 votes, 3 answers

SQL Server Permissions on Stored Procs with dynamic SQL

I have a database which has an application role. The role members all belong to a group in Active Directory. Instead of giving the role permissions to select from the tables I have given the role execute permissions on all of the stored procedures…
Dismissile
8 votes, 3 answers

SQL Server 2019 - The server principal "sa" is not able to access the database "DB_NAME" under the current security context

I've written the following stored procedure: CREATE PROCEDURE dbo.usp_DEMO @LOGINSQL VARCHAR(30), @DBNAME VARCHAR(40) WITH EXECUTE AS owner AS DECLARE @SQL NVARCHAR(1000) SET @SQL = 'USE' SET @SQL = @SQL + ' ' + @DBNAME + '…
AdemirP
8 votes, 2 answers

How to secure Azure client Id and Secret without using App Settings of App Service

I am using Azure KeyVault to store my database credentials. Now, to access it, I have hardcoded client id and client secret in service code. How can I avoid this hard coding, as it's insecure? 1) I don't want to store client id and client secret in…
8 votes, 6 answers

How secure is a PostgreSQL database if my server is stolen?

If I have a server with a database of top secret data in PostgreSQL and my password is practically impossible to guess (128 character string of all sorts of weird chars, generated by hand). The server password is also practically unguessable. Aside…
orokusaki
7 votes, 1 answer

What are the benefits of encrypting an AWS RDS instance

If we have a MySQL RDS in AWS which can only be accessed from the EC2's in the private subnet, then is there any benefit in encrypting it from a security point of view (using default RDS encryption)? Because the only way somebody can access the DB is…
Rahul
7 votes, 1 answer

How can I use transparent data encryption with MySQL?

I want to enable Transparent Data encryption (TDE) on MySQL. I don't mind if the entire db is encrypted (as opposed to a few columns or rows or tables). I am using this for a study, so I am looking for something that is open and free. I found…
Rahul
7 votes, 2 answers

SQL Server 2008 - Does a trigger run with the same permissions as the login/user?

Just a quick question: Say I put an insert trigger on a table in my database. If data is inserted into that table through a login/user "foobar", does the trigger execute with the same access rights / permissions as "foobar"? Many thanks.
Chris Cannon
6 votes, 1 answer

Can't connect to mysql because there are no users

I mistakenly removed all users for mysql... So I can't connect to mysql. Does anyone have an idea? I tried reinstalling it but it didn't work... PS: I am on Archlinux. Thanks in advance!
6 votes, 1 answer

Are there any SQL injection tools out there so I can test my site's vulnerability?

Are there any SQL injection tools out there so I can test my site for vulnerabilities? Any good ones? Free ones would be good.
getaway
6 votes, 7 answers

How to separate a person's identity from his personal data?

I'm writing an app whose main purpose is to keep a list of users' purchases. I would like to ensure that even I as a developer (or anyone with full access to the database) could not figure out how much money a particular person has spent or what he has…
Rene Saarsoo
6 votes, 2 answers

Keeping Users Anonymous - Secure DB Only Option - General Thoughts?

I'm working on a web app where I was considering how to keep users' identities totally anonymous. However, I've come to the conclusion there's not too much I can do, except concentrate on securing the database from being hacked. Is this the general…
userMod2
5 votes, 1 answer

Creating a master key in SQL Server

I'm trying to implement an encrypted column as in this following MSDN example. I understand most of the code except for the very first line: --If there is no master key, create one now. IF NOT EXISTS (SELECT * FROM sys.symmetric_keys WHERE…
Arj