How to ensure the security of the database and its data?

S

Satisfied IT2016-01-19 16:14:11

MySQL

Satisfied IT, 2016-01-19 16:14:11

Help with this question, the task is to write a corporate application, the database will be either MYSQL or MS SQL, at this stage the choice is not completed. The application will interact with the database through stored procedures, the database user will only have access to them. A single user will be used to access the stored procedures of the database, this is the desire of management and, unfortunately, is not subject to discussion.
The question is how to organize smart user authorization? If using stored procedures to check a certain hash of the login / password with each request, then how to protect yourself from enumeration of hashes? (You never know who gets online)
In general, we need ideas and advice.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

M

Max, 2016-01-19
specialist @borisdenis

see "Top 10 OWASP" - everything was invented before us. As for the enumeration, it is wonderfully cured by a timeout on input and blocking for a while when the threshold for invalid inputs is exceeded.