RE: Limiting application's database size

From: Andrew Shore (andrew.shore_at_holistecs.com)
Date: 06/28/04

    Date: Mon, 28 Jun 2004 16:12:19 +0100
    To: "Thorpe, Jason (TAD)" <Jason.Thorpe@fta.dot.gov>, <webappsec@securityfocus.com>, <security-basics@securityfocus.com>
    
    

    Set the database as a fixed size and don't let it grow automatically.

    That way the database cannot get bigger than its initial size.

     
    Andrew Shore
    Senior Security Specialist
    DDI. 01302 308 165
    andrew.shore@holistecs.com

    Company Number 04943010
    VAT Number 828 8635 82

    Holistic Technologies Ltd
    Unit 7 Shaw Wood Business Park
    Shaw Wood Way
    Doncaster
    South Yorkshire
    DN2 5TB
    T. 0870 240 1442
    F. 0870 240 1443
    www.holistecs.com

    -----Original Message-----
    From: Thorpe, Jason (TAD) [mailto:Jason.Thorpe@fta.dot.gov]
    Sent: 28 June 2004 14:04
    To: webappsec@securityfocus.com; security-basics@securityfocus.com
    Subject: Limiting application's database size

    I have a database server that contains several applications. One of the
    applications allows users to enter information into the database without
    being authenticated. My concern is that a malicious script could quickly
    increase the size of the database, thus taking all free disk space on
    the server. Is there a way to limit the size of the database so that it
    will not affect the other applications? Or does anybody have any
    suggestions on a way to handle this situation?

    DB Server: MS SQL Server, IIS
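
A sketch of the fixed-size setup suggested in the reply above, written for MS SQL Server as an added example that is not part of the original thread. The database name AppDb, the logical file names AppDb_Data and AppDb_Log, and the sizes are assumptions; one property is changed per statement so the script also suits older server versions.

```sql
-- Added example; AppDb, AppDb_Data, AppDb_Log and all sizes are assumed values.
USE AppDb;
GO

-- List the database's logical file names with their current size,
-- maximum size and growth setting before changing anything.
EXEC sp_helpfile;
GO

-- Pre-allocate the data file to its intended fixed size.
-- SIZE must be larger than the file's current size or the statement fails.
ALTER DATABASE AppDb MODIFY FILE (NAME = AppDb_Data, SIZE = 500MB);
GO

-- Turn off automatic growth: FILEGROWTH = 0 means the file is never extended.
ALTER DATABASE AppDb MODIFY FILE (NAME = AppDb_Data, FILEGROWTH = 0);
GO

-- Cap the transaction log the same way; a flood of inserts grows the log
-- as well as the data file, so leaving it on autogrow defeats the limit.
ALTER DATABASE AppDb MODIFY FILE (NAME = AppDb_Log, SIZE = 100MB);
GO
ALTER DATABASE AppDb MODIFY FILE (NAME = AppDb_Log, FILEGROWTH = 0);
GO

-- Re-check the settings: both files should now report no automatic growth.
EXEC sp_helpfile;
GO
```

Once the data file is full, writes to this database fail with error 1105 (9002 for a full log) while the other databases on the server keep their disk space, so the application should handle those errors and the free space inside the file should be monitored.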
