RE: Limiting application's database size

From: Stan Guzik (SGuzik_at_ImmediaTech.com)
Date: 06/28/04

  • Next message: Alvin Packard: "Re: Which Windows OS is Safest"
    Date: Mon, 28 Jun 2004 11:01:30 -0400
    To: "Thorpe, Jason (TAD)" <Jason.Thorpe@fta.dot.gov>, <webappsec@securityfocus.com>, <security-basics@securityfocus.com>
    
    

    In SQL Server, I'm assuming you are running 2K, there is an option on
    the DB to "Automatically grow file". If this selection is not checked
    your SQL DB will not grow meaning you need to monitor the growth
    manually.

    The above will work but manually monitoring always leads to human error.
    There are SQL SP to get the size of the DB and individual tables. You
    can use these SP in you code to notify/email you when your DB is close
    to its max, (let's save 20% free space.)

    -----Original Message-----
    From: Thorpe, Jason (TAD) [mailto:Jason.Thorpe@fta.dot.gov]
    Sent: Monday, June 28, 2004 9:04 AM
    To: webappsec@securityfocus.com; security-basics@securityfocus.com
    Subject: Limiting application's database size

    I have a database server that contains several applications. One of the
    applications allow users to enter information into the database without
    being authenticated. My concern is that a malicious script could
    quickly
    increase the size of the database and thus taking all free disk space on
    the
    server. Is there a way to limit the size of the database so that it
    will
    not affect the other applications? Or does anybody have any suggestions
    on
    a way to handle this situation.

    DB Server: MS SQL Server, IIS

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


  • Next message: Alvin Packard: "Re: Which Windows OS is Safest"

    Relevant Pages