DASP SQL Security

markreyn · Jun 12, 2008

Hi

I use FTP via SSL but i'm not sure my database connections are secured in the same way.
I connect to my DASP SQLServer using Management Studioand update my database using DTS.
How secure are these connections?

Can insert or update sql statements containing customer details be sniffed/hacked?
Should I be concerned?Should I use FTP via SSL to copy sensitive data instead?

Please advise

Regards

Mark

mjp · Jun 12, 2008

markreyn said...

Can insert or update sql statements containing customer details be sniffed/hacked?

Yes and no.

Is it technically possible? Certainly. But the likelihood of your data being sniffed en route is negligible to the point of practical nonexistence these days. There is simply too much traffic now to make sniffing a simple task. And the more difficult any sort of illicit activity becomes, the less likely it is to affect you, as the vast majority of people out there gathering this kind of data are not exactly geniuses.

The next most common method for capturing your data is a keylogger on your computer, deposited by a worm or virus. Since the keylogger is logging all input from the keyboard, the security of any given connection is kind of a moot point. But even keyloggers are falling out of favor as phishing becomes more common. Why target a small group of people that you have to physically exploit when there is an entire planet worth of victims on the internet?

If you have security concerns I think the most effective thing to do is change your passwords on a frequent basis. Doing so can prevent an exploit even if the bad guys get their hands on your login information.
Click to expand...

markreyn · Jun 13, 2008

Thanks mjp,

Just pre-empting possible security questions from my client, your response will hopefully settle any concerns

Regards
Mark

Log in or Sign up

DASP SQL Security

markreyn

mjp

markreyn

Share This Page

Log in or Sign up

DASP SQL Security

markreyn

mjp

markreyn

Share This Page

Useful Searches