The Database Hackers Handbook: Defending Database Servers
The Database Hackers Handbook: Defending Database Servers
ISBN: 0764578014
EAN: 2147483647
EAN: 2147483647
Year: 2003
Pages: 156
Pages: 156
- The Database Hacker s Handbook: Defending Database Servers
- Back Cover
- About
- Preface
- What This Book Covers
- How This Book Is Structured
- What You Need to Use This Book
- Companion Web Site
- Introduction
- Part I: Introduction
- Chapter 1: Why Care About Database Security?
- Which Database Is the Most Secure?
- The State of Database Security Research
- So What Does It All Mean?
- Finding Flaws in Your Database Server
- Conclusion
- Part II: Oracle
- Chapter 2: The Oracle Architecture
- Examining the Oracle Architecture
- The Oracle RDBMS
- The Oracle Intelligent Agent
- Oracle Authentication and Authorization
- Database Authentication
- Chapter 3: Attacking Oracle
- Oracle s PLSQL
- PLSQL Injection
- Injecting into DELETE, INSERT, and UPDATE Statements
- Injecting into Anonymous PLSQL Blocks
- Executing User-Supplied Queries with DBMS_SQL
- Real-World Examples
- PLSQL and Oracle Application Server
- Summary
- Chapter 4: Oracle: Moving Further into the Network
- Running Operating System Commands
- Accessing the File System
- Accessing the Network
- PLSQL and the Network
- Summary
- Chapter 5: Securing Oracle
- Oracle Database Server
- Part III: DB2
- Chapter 6: IBM DB2 Universal Database
- DB2 Deployment Scenarios
- DB2 Processes
- DB2 Physical Database Layout
- DB2 Logical Database Layout
- DB2 Authentication and Authorization
- Authorization
- Summary
- Chapter 7: DB2: Discovery, Attack, and Defense
- Chapter 8: Attacking DB2
- DB2 Remote Command Server
- Running Commands Through DB2
- Gaining Access to the Filesystem Through DB2
- Local Attacks Against DB2
- Summary
- Chapter 9: Securing DB2
- Securing the Operating System
- Securing the DB2 Network Interface
- Securing the DBMS
- Remove Unnecessary Components
- And Finally . . .
- Part IV: Informix
- Chapter 10: The Informix Architecture
- Examining the Informix Architecture
- The Informix Logical Layout
- Chapter 11: Informix: Discovery, Attack, and Defense
- Attacking Informix with Stored Procedural Language (SPL)
- SQL Buffer Overflows in Informix
- Summary
- Chapter 12: Securing Informix
- Encrypt Network Traffic
- Revoke the Connect Privilege from Public
- Enable Auditing
- Revoke Public Permissions on File Access Routines
- Revoke Public Execute Permissions on Module Routines
- Preventing Shared Memory from Being Dumped
- Preventing Local Attacks on Unix-Based Servers
- Restrict Language Usage
- Useful Documents
- Part V: Sybase ASE
- Chapter 13: Sybase Architecture
- History
- Stand-Out Features
- Chapter 14: Sybase: Discovery, Attack, and Defense
- Finding Targets
- Attacking Sybase
- MS SQL Server Injection Techniques in Sybase
- External Filesystem Access
- Defending Against Attacks
- Older Known Sybase ASE Security Bugs
- Sybase Version Tool
- Chapter 15: Sybase: Moving Further into the Network
- Connecting to Other Servers with Sybase
- Java in SQL
- Trojanning Sybase
- Chapter 16: Securing Sybase
- Background
- Operating System
- Sybase Users
- Sybase Configuration
- Part VI: MySQL
- Chapter 17: MySQL Architecture
- Examining the Logical Database Architecture
- Exploiting Architectural Design Flaws
- Chapter 18: MySQL: Discovery, Attack, and Defense
- Hacking MySQL
- Local Attacks Against MySQL
- The MySQL File Structure Revisited
- Chapter 19: MySQL: Moving Further into the Network
- MySQL Client Hash Authentication Patch
- Running External Programs: User-Defined Functions
- User-Defined Functions in Windows
- Summary
- Chapter 20: Securing MySQL
- MySQL Security Checklist
- Background
- Operating System
- MySQL Users
- MySQL Configuration
- Routine Audit
- Part VII: SQL Server
- Chapter 21: Microsoft SQL Server Architecture
- Physical Architecture
- Logical Architecture
- Users and Groups
- Chapter 22: SQL Server: Exploitation, Attack, and Defense
- Exploiting Design Flaws
- SQL Injection
- Covering Tracks
- Chapter 23: Securing SQL Server
- Configuration
- Part VIII: PostgreSQL
- Chapter 24: The PostgreSQL Architecture
- The PostgreSQL File Structure
- Chapter 25: PostgreSQL: Discovery and Attack
- The PostgreSQL Protocol
- Network-Based Attacks Against PostgreSQL
- Information Leakage from Compromised Resources
- Known PostgreSQL Bugs
- SQL Injection with PostgreSQL
- Interacting with the Filesystem
- Summary
- Chapter 26: Securing PostgreSQL
- Part IX: Appendixes
- Appendix A: Example C Code for a Time-Delay SQL Injection Harness
- Appendix B: Dangerous Extended Stored Procedures
- Registry
- System
- OLE Automation
- Appendix C: Oracle Default Usernames and Passwords
- List of Figures
- List of Tables
- List of Sidebars
The Database Hackers Handbook: Defending Database Servers
ISBN: 0764578014
EAN: 2147483647
EAN: 2147483647
Year: 2003
Pages: 156
Pages: 156