• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How prevent hack database

#1
Hello
I have many code that inserted in database
If hacker can access to database so our codes revealing
How protect my database from hacker?
And i want to assume the hacker hack my database and can access our code
How encrypt data and save it in database?
I think i use AES_ENCRYPT in mysql
Reply

#2
(10-13-2017, 12:02 PM)omid_student Wrote: Hello
I have many code that inserted in database
If hacker can access to database so our codes revealing
How protect my database from hacker?
And i want to assume the hacker hack my database and can access our code
How encrypt data and save it in database?
I think i use AES_ENCRYPT in mysql

If your assumptions are:
  • The attacker has access to, or has ripped a plain-text copy of your database.
  • The attacker also has a copy of all the code on your servers filesystem.
There is not a lot you can you, you already assume the attacker has everything they need for a successful hack and thus it's a bit too late. You need to take steps to prevent them from getting that far in the first place.

You can encrypt data in your database, encrypting it on the way in and decryption it on the way out though your application although this does have some downsides when it comes to performing searches on your data and selecting specific information if everything is decrypted by your application.

If you could enforce encryption within MySQL itself this may stop someone with access to the database files from just opening them up to read them however your application still needs to be able to read that data in plain-text and if your application has the means to do this, the attacker could just go in through the same door as your application to bypass that encryption.

There is a lot we don't know about your application, the data you are trying to protect and the production environment so it's difficult to offer any real advice here with such a vague understanding of your specific circumstances.

Can you provide us with more specific information about your circumstances so we can better understand the position you're in?
Reply

#3
Yes of course
My app is competition with score
In this app,all user add code in app and if code is exist in database,so we give score for user
And in end,for users who have high score,we give gift(iphone) for his/him
This code inserted in database about 1 million records
Now if hacker hack my database and can get all code,so he/she can give all code for user and we will go away
Is it enough?
Reply

#4
(10-13-2017, 11:08 PM)omid_student Wrote: Yes of course
My app is competition with score
In this app,all user add code in app and if code is exist in database,so we give score for user
And in end,for users who have high score,we give gift(iphone) for his/him
This code inserted in database about 1 million records
Now if hacker hack my database and can get all code,so he/she can give all code for user and we will go away
Is it enough?

possible attack vectors:
- sql injection
- employee
- hoster
- bad server config (e.g the db server can be accessed from the outside)
- server not uptodate
etc.

- only write access to the table. If you need to read, create an other user.
- the databaseserver should be not accessed from the outside
- server uptodate
- important: ask an expert for help

i am not a security expert.
Reply

#5
(10-14-2017, 12:10 AM)Paradinight Wrote:
(10-13-2017, 11:08 PM)omid_student Wrote: Yes of course
My app is competition with score
In this app,all user add code in app and if code is exist in database,so we give score for user
And in end,for users who have high score,we give gift(iphone) for his/him
This code inserted in database about 1 million records
Now if hacker hack my database and can get all code,so he/she can give all code for user and we will go away
Is it enough?

possible attack vectors:
- sql injection
- employee
- hoster
- bad server config (e.g the db server can be accessed from the outside)
- server not uptodate
etc.

- only write access to the table. If you need to read, create an other user.
- the databaseserver should be not accessed from the outside
- server uptodate
- important: ask an expert for help

i am not a security expert.

Very good point
Thanks
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme ¬© 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.