AW: Database security

From: Dominick Baier (db@die-lounge.com)
Date: 09/17/02

Previous message: Ken.Williams@ey.com: "win xp sp1 changes ICF settings/rules and/or default behavior for snmp packet processing on udp 162?"
In reply to: zero: "Database security"
Next in thread: Leff Cpl Eric E: "RE: Database security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Dominick Baier" <db@die-lounge.com>
To: "'zero'" <zeroboy@arrakis.es>
Date: Tue, 17 Sep 2002 21:43:33 +0200

Hi,

well access and secure web application are two terms that don't go
together.

the first and main point is - access has no means of authentication
(besides that crappy password) or authorization. you can't say person x
has the right to read data from table y.

another reason against access is that you have to have some sort of file
systen connection to the access file. when the .MDB is on the same
system - a webserver compromise is enough to simply copy the whole data
per e.g. tftp to another machine. if the .MDB is on another machine you
have to have NetBIOS enabled, which is generally a bad idea.

Performance-Wise : Access is no multiuser-dbms - in a web application
you typically habe concurrent data access.

Go for a Client/Server DBMS on (physically) another machine, e.g. SQL
Server, Oracle aso

that is the only choice if you are looking security and
stability/scalability.

greets
dominick baier
ernw.de

-----Ursprüngliche Nachricht-----
Von: zero [mailto:zeroboy@arrakis.es]
Gesendet: Montag, 16. September 2002 22:27
An: focus-ms@securityfocus.com
Betreff: Database security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,
I'm looking for some good reasons for not using Access 2000.
Well,
I don't like it very much but what is the difference between access and
some other databases like postgreSQL or mysql? Are they more flexible,
more
secure? Any help is welcome. The question is, is it better to use access
on
a secure web application or some other database?

Gretz

www.citfi.org
www.podergeek.com
**********************************
"The further backward you look, the further forward you can see" Winston

Churchill
"Access is GOD..."

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPYYweQ0R8jZM93x8EQJpeACgz3WwAQofnBs5i/iEnhdDG2aSHUUAnA0u
OZpKbSHk3oUoQJ2LG4pi9pde
=l7QR
-----END PGP SIGNATURE-----

Previous message: Ken.Williams@ey.com: "win xp sp1 changes ICF settings/rules and/or default behavior for snmp packet processing on udp 162?"
In reply to: zero: "Database security"
Next in thread: Leff Cpl Eric E: "RE: Database security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]