Security Information and Review

Collection of security information and review

Posts Tagged 'Authorization'

SQL Injection Attacks and SQL Server Security

Author : Admin

SQL Injection is a tehnique to manipulate of SQL Command that exploit SQL Server vulnerability of web application layer. This is the SQL Server security to be considered by many programmers and administrators. This vulnerability occurred if user insert text in form of web application. This form of SQL Injection occurs when user input is not filtered for escape characters and is then passed into an SQL Statement. Example, form login of web application as authentication to enter to system with user name and password is required. Field user name and password will make SQL Query to the database to check if a user name has valid name and password. Example SQL Injection in PHP in form login of the POST or GET methode, with a table user.
… continue reading : SQL Injection Attacks and SQL Server Security.

28 May 2009 at 00:14 - Comments

Basic Microsoft SQL Server Security

Author : Admin

Every discuss about Microsoft Windows security and other security discussion, it’s most often described for the first time is the Authentication and Authorization. Authentication is the process of identification of the person / user and Authorization refers to the process of determining what that user can do. At this article, we will discuss about Microsoft SQL Server ( all version of MS SQL Server ), Authentication and Authorization.

 

In the Microsoft SQL Server, authentication process occures when someone wanted to make a connection to Microsoft SQL Server. User and password is required for some one to be able to access resources of the Microsoft SQL Server. Once the authentication process finishes, Microsoft SQL Server takes control of authorizing user’s can access to object ( Database, table, trigger and function ) and data in the system.

 

Microsoft SQL Server version 7.0 up, can grant permission to Basic Windows authenticated login on their individual account or the groups of which they are members SQL Server Authenticated. beside this rules, Microsoft SQL Server can grant permission based on the login ID or in membership in database roles, which function like Windows Groups.
… continue reading : Basic Microsoft SQL Server Security.

22 May 2009 at 21:39 - Comments