Site Statistics
 
Threads: 3,850
Posts: 17,025
Members: 2,895
Users Online: 18
Newest Member: yhangjoy


Go Back   PC101 > PC Software > Graphic/Utility/Business Software
Reload this Page Security issues over using ODBC over the web.

Graphic/Utility/Business Software Software like Excel, Word, Front Page, Access, Excel, Powerpoint, PhotoShop, Paintshop Pro, Gimpetc.


Reply
 
LinkBack Thread Tools Display Modes
Old 09-29-2005, 09:35 AM   #1
Junior Member
 
Join Date: Sep 2005
Posts: 2
Rep Power: 0 mediapro is on a distinguished road
Security issues over using ODBC over the web.
Can somebody help in identifying the pros and cons of using ODBC for connecting to web-based databases over the internet?
mediapro is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 09-29-2005, 10:15 PM   #2
Distinguished Member
 
Join Date: Jul 2005
Posts: 2,208
Rep Power: 5 Will.Spencer is on a distinguished road
There are two areas of potential security vulnerabilities I see with ODBC over the Internet:

1. Privacy

A hacker with a packet sniffer anywhere along the data path will be able to eavesdrop on your ODBC traffic.

This can be prevented by encrypting your data at the application layer before transmission, or by tunneling ODBC using SSH, TLS, or IPSec.

2. ODBC daemon vulnerabilities

The Internet-facing ODBC daemon will be subject to attack.

This is the same as any Internet daemon, such as a mail server or a web server. However, an ODBC driver manager is a complex piece of software which at least seems more likely to have security vulnerabilities.

Mature Internet daemons such as Apache's httpd have had millions of man-years of security research poured into them by both security professionals and computer hackers. ODBC daemons have not been subject to anywhere near as much security analysis.

This threat can be ameliorated if you can limit the number of remote IP addresses which are allowed to connect to your ODBC driver manager.
Will.Spencer is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« - | How To Configure Flashget for an Ftp With Pasv Mod »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Finding software security flaws Lyte PC Security 0 12-31-2006 10:18 AM
Best Practices for Enterprise Network Security Will.Spencer Networking 0 10-19-2006 04:40 PM
Microsoft plugs 21 security holes OulZac PC Security 5 08-08-2006 01:18 PM
The Five Myths of Web Application Security Will.Spencer Web Design and Development 0 03-01-2006 07:44 AM
Ethical hacking can ensure computer security... Lyte PC Security 0 01-23-2006 06:01 PM



All times are GMT -5. The time now is 08:18 PM.

Powered by vBulletin Version 3.7.0
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.2.0 RC5


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41