RE: Limiting application's database size

From: Andrew Shore (andrew.shore_at_holistecs.com)
Date: 06/28/04

    Date: Mon, 28 Jun 2004 16:12:19 +0100
    To: "Thorpe, Jason (TAD)" <Jason.Thorpe@fta.dot.gov>, <webappsec@securityfocus.com>, <security-basics@securityfocus.com>
    
    

    Set the database as a fixed size and don't let it grow automatically.

    That way the database cannot get bigger than its initial size.

     
    Andrew Shore
    Senior Security Specialist
    DDI. 01302 308 165
    andrew.shore@holistecs.com
     
     
     
    Company Number 04943010
    VAT Number 828 8635 82
     
     
    Holistic Technologies Ltd
    Unit 7 Shaw Wood Business Park
    Shaw Wood Way
    Doncaster
    South Yorkshire
    DN2 5TB
    T. 0870 240 1442
    F. 0870 240 1443
    www.holistecs.com

    -----Original Message-----
    From: Thorpe, Jason (TAD) [mailto:Jason.Thorpe@fta.dot.gov]
    Sent: 28 June 2004 14:04
    To: webappsec@securityfocus.com; security-basics@securityfocus.com
    Subject: Limiting application's database size

    I have a database server that contains several applications. One of the
    applications allows users to enter information into the database without
    being authenticated. My concern is that a malicious script could quickly
    increase the size of the database and thus take all free disk space on the
    server. Is there a way to limit the size of the database so that it will
    not affect the other applications? Or does anybody have any suggestions on
    a way to handle this situation?

    DB Server: MS SQL Server, IIS
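
The fixed-size suggestion in the reply above, written out as T-SQL. This is an added example, not part of the original thread. The database name `PublicForms`, the logical file names and the sizes are hypothetical, and the final query assumes the SQL Server 2005+ catalog view `sys.database_files` (on SQL Server 2000, read `sysfiles` instead).

```sql
-- Added example: hypothetical database PublicForms with logical files
-- PublicForms_data and PublicForms_log. Sizes are illustrative only.
-- Run the last query first to find the real logical names and sizes.
USE master;
GO

-- Data file: pre-allocate the space the application is allowed to use.
-- SIZE must be larger than the file's current size; skip this
-- statement to keep the current size as the limit.
ALTER DATABASE PublicForms
    MODIFY FILE (NAME = N'PublicForms_data', SIZE = 2048MB);
GO
-- Hard ceiling, in case growth is ever re-enabled by mistake.
ALTER DATABASE PublicForms
    MODIFY FILE (NAME = N'PublicForms_data', MAXSIZE = 2048MB);
GO
-- FILEGROWTH = 0 turns automatic growth off for this file.
ALTER DATABASE PublicForms
    MODIFY FILE (NAME = N'PublicForms_data', FILEGROWTH = 0);
GO

-- The transaction log grows under heavy inserts too, so cap it as well.
ALTER DATABASE PublicForms
    MODIFY FILE (NAME = N'PublicForms_log', MAXSIZE = 512MB);
GO
ALTER DATABASE PublicForms
    MODIFY FILE (NAME = N'PublicForms_log', FILEGROWTH = 0);
GO

-- Verify the settings and watch how full each file is.
-- size and max_size are counted in 8 KB pages, so / 128 gives MB.
-- growth = 0 means autogrowth is off.
USE PublicForms;
GO
SELECT name,
       type_desc,
       size / 128                            AS allocated_mb,
       FILEPROPERTY(name, 'SpaceUsed') / 128 AS used_mb,
       max_size / 128                        AS max_mb,
       growth
FROM sys.database_files;
GO
```

Once a capped file fills, writes to this database fail (error 1105 for a full data filegroup, 9002 for a full log) while the other databases on the server keep their disk space. Alerting on `used_mb` approaching `allocated_mb` gives warning before the unauthenticated form stops accepting input.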
