The Database Hacker's Handbook: Defending Database Servers
ISBN: 0764578014
EAN: 2147483647
Year: 2003
Pages: 156
Authors: David Litchfield, Chris Anley, John Heasman, Bill Grindlay
The Database Hacker's Handbook: Defending Database Servers
Back Cover
About
Preface
What This Book Covers
How This Book Is Structured
What You Need to Use This Book
Companion Web Site
Introduction
Part I: Introduction
Chapter 1: Why Care About Database Security?
Which Database Is the Most Secure?
The State of Database Security Research
So What Does It All Mean?
Finding Flaws in Your Database Server
Conclusion
Part II: Oracle
Chapter 2: The Oracle Architecture
Examining the Oracle Architecture
The Oracle RDBMS
The Oracle Intelligent Agent
Oracle Authentication and Authorization
Database Authentication
Chapter 3: Attacking Oracle
Oracle's PL/SQL
PL/SQL Injection
Injecting into DELETE, INSERT, and UPDATE Statements
Injecting into Anonymous PL/SQL Blocks
Executing User-Supplied Queries with DBMS_SQL
Real-World Examples
PL/SQL and Oracle Application Server
Summary
Chapter 4: Oracle: Moving Further into the Network
Running Operating System Commands
Accessing the File System
Accessing the Network
PL/SQL and the Network
Summary
Chapter 5: Securing Oracle
Oracle Database Server
Part III: DB2
Chapter 6: IBM DB2 Universal Database
DB2 Deployment Scenarios
DB2 Processes
DB2 Physical Database Layout
DB2 Logical Database Layout
DB2 Authentication and Authorization
Authorization
Summary
Chapter 7: DB2: Discovery, Attack, and Defense
Chapter 8: Attacking DB2
DB2 Remote Command Server
Running Commands Through DB2
Gaining Access to the Filesystem Through DB2
Local Attacks Against DB2
Summary
Chapter 9: Securing DB2
Securing the Operating System
Securing the DB2 Network Interface
Securing the DBMS
Remove Unnecessary Components
And Finally . . .
Part IV: Informix
Chapter 10: The Informix Architecture
Examining the Informix Architecture
The Informix Logical Layout
Chapter 11: Informix: Discovery, Attack, and Defense
Attacking Informix with Stored Procedural Language (SPL)
SQL Buffer Overflows in Informix
Summary
Chapter 12: Securing Informix
Encrypt Network Traffic
Revoke the Connect Privilege from Public
Enable Auditing
Revoke Public Permissions on File Access Routines
Revoke Public Execute Permissions on Module Routines
Preventing Shared Memory from Being Dumped
Preventing Local Attacks on Unix-Based Servers
Restrict Language Usage
Useful Documents
Part V: Sybase ASE
Chapter 13: Sybase Architecture
History
Stand-Out Features
Chapter 14: Sybase: Discovery, Attack, and Defense
Finding Targets
Attacking Sybase
MS SQL Server Injection Techniques in Sybase
External Filesystem Access
Defending Against Attacks
Older Known Sybase ASE Security Bugs
Sybase Version Tool
Chapter 15: Sybase: Moving Further into the Network
Connecting to Other Servers with Sybase
Java in SQL
Trojanning Sybase
Chapter 16: Securing Sybase
Background
Operating System
Sybase Users
Sybase Configuration
Part VI: MySQL
Chapter 17: MySQL Architecture
Examining the Logical Database Architecture
Exploiting Architectural Design Flaws
Chapter 18: MySQL: Discovery, Attack, and Defense
Hacking MySQL
Local Attacks Against MySQL
The MySQL File Structure Revisited
Chapter 19: MySQL: Moving Further into the Network
MySQL Client Hash Authentication Patch
Running External Programs: User-Defined Functions
User-Defined Functions in Windows
Summary
Chapter 20: Securing MySQL
MySQL Security Checklist
Background
Operating System
MySQL Users
MySQL Configuration
Routine Audit
Part VII: SQL Server
Chapter 21: Microsoft SQL Server Architecture
Physical Architecture
Logical Architecture
Users and Groups
Chapter 22: SQL Server: Exploitation, Attack, and Defense
Exploiting Design Flaws
SQL Injection
Covering Tracks
Chapter 23: Securing SQL Server
Configuration
Part VIII: PostgreSQL
Chapter 24: The PostgreSQL Architecture
The PostgreSQL File Structure
Chapter 25: PostgreSQL: Discovery and Attack
The PostgreSQL Protocol
Network-Based Attacks Against PostgreSQL
Information Leakage from Compromised Resources
Known PostgreSQL Bugs
SQL Injection with PostgreSQL
Interacting with the Filesystem
Summary
Chapter 26: Securing PostgreSQL
Part IX: Appendixes
Appendix A: Example C Code for a Time-Delay SQL Injection Harness
Appendix B: Dangerous Extended Stored Procedures
Registry
System
E-Mail
OLE Automation
Appendix C: Oracle Default Usernames and Passwords
List of Figures
List of Tables
List of Sidebars