Danger: no security vulnerability scanning is performed.
Consequence: hackers discover vulnerabilities in the operating system and network programs, and may even compromise the database.
Remedy: always apply the latest security patches and regularly scan with security vulnerability assessment tools.

Danger: the SQL Server Resolution Service can be enumerated.
Consequence: attackers can obtain database information or carry out buffer overflow attacks. SQLPing can be used even if the database instance does not listen on the default port.
Remedy: filter access requests from unauthorized IP addresses.

Danger: a weak SA password, or no password set at all.
Consequence: the hacker gets into the database by cracking the password.
Remedy: set a strong password and do not leave any database account with a blank password.

Danger: the web program connected to the database does not filter SQL injection.
Consequence: hackers embed SQL commands in otherwise normal data and submit them to the server.
Remedy: validate and filter the data sent from the browser; it must never be submitted directly to the database.

Danger: Google hacking.
Consequence: the hacker uses a search engine to find the SQL error pages of the web program and, from them, finds information and vulnerabilities or even views passwords directly.
Remedy: catch your errors. Do not let the program output error information to a public page; write it to a log instead.
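
The last two remedies (filter browser data, keep SQL errors off public pages) can be applied in one request handler. The following is an added example, not code from the original page: the handler names, the user-name allow-list and the table are hypothetical, and Python's built-in sqlite3 stands in for SQL Server so that it runs offline.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("webapp.db")
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # allow-list (assumed policy)

def make_db():
    # Constructed sample data; sqlite3 is a stand-in for SQL Server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'alice@example.test')")
    return db

def lookup_email_unsafe(db, username):
    """Anti-pattern from the list: input spliced into SQL, raw error on the page."""
    try:
        sql = "SELECT email FROM users WHERE name = '" + username + "'"
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return 500, f"Database error: {exc}"  # indexable by search engines
    return (200, row[0]) if row else (404, "No such user.")

def lookup_email(db, username):
    """Hardened handler: returns (http_status, body)."""
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        return 400, "Invalid user name."
    try:
        # Placeholder binding: the value is never part of the SQL text.
        row = db.execute("SELECT email FROM users WHERE name = ?",
                         (username,)).fetchone()
    except sqlite3.Error:
        # Full detail goes to the log; the page only carries a lookup reference.
        ref = uuid.uuid4().hex[:8]
        log.exception("query failed ref=%s", ref)
        return 500, f"Internal error (ref {ref})."
    return (200, row[0]) if row else (404, "No such user.")

if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "o'brien"):
        print(name, lookup_email_unsafe(db, name), lookup_email(db, name))
```

A name containing a stray apostrophe makes the unsafe handler print the database's own syntax error to the page, while the hardened handler rejects it before any query runs.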