Questions tagged [databases]

Security related aspects of databases and database access.

20 votes
8 answers
4k views

I am writing a book, and in it, a character has hacked an employee database. They want to do two things: read and write. They want to see all the employees, but they also want to insert a new employee ...
user110391
0 votes
2 answers
127 views

Context: I work for a business that uses an ERP's built-in macro functionality to automate tasks. It uses VBScript as its language. Previous IT Admins had hardcoded the DB connection in all of these ...
SJG
3 votes
2 answers
796 views

Quick Context: I often come across videos where people build apps using SQL database services alongside serverless functions (like AWS Lambda, Vercel, and others) without setting up a VPC to keep the ...
Vitor Figueredo Marques
5 votes
2 answers
1k views

There are database services offering access to the database via an HTTPS API, such as Neon and Algolia. This is great for serverless environments, but from a security standpoint, I’m curious if this ...
Vitor Figueredo Marques
0 votes
1 answer
124 views

At the end of Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet it says "Avoid encrypting identifiers as it can be challenging to do so securely." On login I store a cryptographically generated ...
fundagain
3 votes
1 answer
3k views

I'm starting out as a bug bounty hunter and found a website that might have a problem, yet I'm unsure if it's exploitable or not. When sending any payload that contains % I get an error: Invalid query ...
Red Potato
1 vote
0 answers
92 views

It seems technically plausible to me that one could implement some form of data store where the individual data points are protected by the encryption provided by the Trusted Platform Module available ...
User65535
4 votes
1 answer
508 views

Would there be any security concerns saving mongod.conf to $HOME/web-server/mongod.conf instead of /etc/mongod.conf ? If the config was under $HOME/web-server/mongod.conf would that mean someone (or a ...
user1709076
0 votes
1 answer
118 views

At $work we need to store a sensitive attribute of a user (say SSN - so, short and with a small keyspace) and look up the user based on this attribute when data is submitted into our system. We cannot ...
strugee
0 votes
0 answers
418 views

I'm doing a website PT lab and I'm trying to figure out a SQL vulnerability in MariaDB. After some scanning I found the /api/ path, and one of them gives the desired SQL. I found out that ' gives me the ...
ewondles
2 votes
1 answer
1k views

I think this should be the right SE, apologies otherwise. I have been researching ways to be more careful with how I handle important documents and credentials, but everything I found sounded ...
Mister Mystère
1 vote
1 answer
400 views

I am working on an application which requires a session token to commence trading activities. This will be hosted on a cloud-based Linux VM (Ubuntu) and a managed MySQL database. Session tokens are ...
excelman
0 votes
0 answers
414 views

I was working on a target where sqlmap detected boolean-based time blind injection. Everything was working perfectly, but you know it was time blind injection, so I knew that this was going to take forever ...
Solo
0 votes
1 answer
304 views

A quick something I’ve been wondering: why is the boot key used to access the encrypted SAM database hashes (and not another key), and also what encryption mechanism is actually used to encrypt the ...
security_paranoid
1 vote
2 answers
489 views

OK, so you all probably know that a hash is used to help secure a stored password in a database, if it was stolen. When a user logs in and enters a password, it gets hashed, and then matched to a ...
security_paranoid