Flylib.com
The Database Hackers Handbook: Defending Database Servers
The Database Hackers Handbook: Defending Database Servers
ISBN: 0764578014
EAN: 2147483647
Year: 2003
Pages: 156
Authors:
David Litchfield
,
Chris Anley
,
John Heasman
,
Bill Grindlay
BUY ON AMAZON
The Database Hacker s Handbook: Defending Database Servers
Back Cover
About
Preface
What This Book Covers
How This Book Is Structured
What You Need to Use This Book
Companion Web Site
Introduction
Part I: Introduction
Chapter 1: Why Care About Database Security?
Which Database Is the Most Secure?
The State of Database Security Research
So What Does It All Mean?
Finding Flaws in Your Database Server
Conclusion
Part II: Oracle
Chapter 2: The Oracle Architecture
Examining the Oracle Architecture
The Oracle RDBMS
The Oracle Intelligent Agent
Oracle Authentication and Authorization
Database Authentication
Chapter 3: Attacking Oracle
Oracle s PLSQL
PLSQL Injection
Injecting into DELETE, INSERT, and UPDATE Statements
Injecting into Anonymous PLSQL Blocks
Executing User-Supplied Queries with DBMS_SQL
Real-World Examples
PLSQL and Oracle Application Server
Summary
Chapter 4: Oracle: Moving Further into the Network
Running Operating System Commands
Accessing the File System
Accessing the Network
PLSQL and the Network
Summary
Chapter 5: Securing Oracle
Oracle Database Server
Part III: DB2
Chapter 6: IBM DB2 Universal Database
DB2 Deployment Scenarios
DB2 Processes
DB2 Physical Database Layout
DB2 Logical Database Layout
DB2 Authentication and Authorization
Authorization
Summary
Chapter 7: DB2: Discovery, Attack, and Defense
Chapter 8: Attacking DB2
DB2 Remote Command Server
Running Commands Through DB2
Gaining Access to the Filesystem Through DB2
Local Attacks Against DB2
Summary
Chapter 9: Securing DB2
Securing the Operating System
Securing the DB2 Network Interface
Securing the DBMS
Remove Unnecessary Components
And Finally . . .
Part IV: Informix
Chapter 10: The Informix Architecture
Examining the Informix Architecture
The Informix Logical Layout
Chapter 11: Informix: Discovery, Attack, and Defense
Attacking Informix with Stored Procedural Language (SPL)
SQL Buffer Overflows in Informix
Summary
Chapter 12: Securing Informix
Encrypt Network Traffic
Revoke the Connect Privilege from Public
Enable Auditing
Revoke Public Permissions on File Access Routines
Revoke Public Execute Permissions on Module Routines
Preventing Shared Memory from Being Dumped
Preventing Local Attacks on Unix-Based Servers
Restrict Language Usage
Useful Documents
Part V: Sybase ASE
Chapter 13: Sybase Architecture
History
Stand-Out Features
Chapter 14: Sybase: Discovery, Attack, and Defense
Finding Targets
Attacking Sybase
MS SQL Server Injection Techniques in Sybase
External Filesystem Access
Defending Against Attacks
Older Known Sybase ASE Security Bugs
Sybase Version Tool
Chapter 15: Sybase: Moving Further into the Network
Connecting to Other Servers with Sybase
Java in SQL
Trojanning Sybase
Chapter 16: Securing Sybase
Background
Operating System
Sybase Users
Sybase Configuration
Part VI: MySQL
Chapter 17: MySQL Architecture
Examining the Logical Database Architecture
Exploiting Architectural Design Flaws
Chapter 18: MySQL: Discovery, Attack, and Defense
Hacking MySQL
Local Attacks Against MySQL
The MySQL File Structure Revisited
Chapter 19: MySQL: Moving Further into the Network
MySQL Client Hash Authentication Patch
Running External Programs: User-Defined Functions
User-Defined Functions in Windows
Summary
Chapter 20: Securing MySQL
MySQL Security Checklist
Background
Operating System
MySQL Users
MySQL Configuration
Routine Audit
Part VII: SQL Server
Chapter 21: Microsoft SQL Server Architecture
Physical Architecture
Logical Architecture
Users and Groups
Chapter 22: SQL Server: Exploitation, Attack, and Defense
Exploiting Design Flaws
SQL Injection
Covering Tracks
Chapter 23: Securing SQL Server
Configuration
Part VIII: PostgreSQL
Chapter 24: The PostgreSQL Architecture
The PostgreSQL File Structure
Chapter 25: PostgreSQL: Discovery and Attack
The PostgreSQL Protocol
Network-Based Attacks Against PostgreSQL
Information Leakage from Compromised Resources
Known PostgreSQL Bugs
SQL Injection with PostgreSQL
Interacting with the Filesystem
Summary
Chapter 26: Securing PostgreSQL
Part IX: Appendixes
Appendix A: Example C Code for a Time-Delay SQL Injection Harness
Appendix B: Dangerous Extended Stored Procedures
Registry
System
E-Mail
OLE Automation
Appendix C: Oracle Default Usernames and Passwords
List of Figures
List of Tables
List of Sidebars
The Database Hackers Handbook: Defending Database Servers
ISBN: 0764578014
EAN: 2147483647
Year: 2003
Pages: 156
Authors:
David Litchfield
,
Chris Anley
,
John Heasman
,
Bill Grindlay
BUY ON AMAZON
Oracle Developer Forms Techniques
Summary
Passing Data from the Called Form to the Calling Form
Sharing a Record Group Across Forms
Polymorphism
Programmatically Canceling a Query
SQL Hacks
Hack 7. Modify a Schema Without Breaking Existing Queries
Hack 24. Multiply Across a Result Set
Hack 37. Reconcile Invoices and Remittances
Hack 45. Process Web Server Logs
Hack 61. Set Security Based on Rows
An Introduction to Design Patterns in C++ with Qt 4
Review Questions
QApplication and the Event Loop
Evaluation of Logical Expressions
Preference: An Enumerated Type
MP3 Jukebox Assignments
GO! with Microsoft Office 2003 Brief (2nd Edition)
Project 1A. Thank You Letter
Project 3B. Park Changes
Objective 10. Open and Save an Existing Workbook
Business Running Case
Objective 5. Copy Excel Data into a Word Document
Lean Six Sigma for Service : How to Use Lean Speed and Six Sigma Quality to Improve Services and Transactions
Success Story #1 Lockheed Martin Creating a New Legacy
Seeing Services Through Your Customers Eyes-Becoming a customer-centered organization
Phase 2 Engagement (Creating Pull)
Service Process Challenges
First Wave Service Projects
.NET System Management Services
Querying WMI
Handling WMI Events
The WMI Schema
WMI Providers
WMI Security
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies