Dangerous: No security vulnerability scanning is performed.
Consequence: Hackers discover vulnerabilities in the operating system and network programs, and the database itself may even be cracked.
Remedy: Always apply the latest security patches, and scan regularly with security vulnerability assessment tools.
Dangerous: The SQL Server Resolution Service can be enumerated.
Consequence: Attackers can obtain database information or conduct buffer overflow attacks. SQLPing can be used even if the database instance is not listening on the default port.
Remedy: Filter out access requests from unauthenticated IP addresses.
Dangerous: The SA password is weak or not set.
Consequence: The hacker gets into the database by cracking the password.
Remedy: Set a strong password, and do not leave any database account with a blank password.
Dangerous: The web program connected to the database does not filter out SQL injection.
Consequence: Hackers inject SQL commands into normal data and submit them to the server.
Remedy: Validate and filter the data sent from the browser; it must never be submitted directly to the database.
Dangerous: Google hacking.
Consequence: The hacker uses a search engine to find the web program's SQL error pages, and from them gathers information, finds vulnerabilities, and may even view passwords directly.
Remedy: Capture your errors. Do not let the program output error information to a public page; write it to a log instead.
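
The last two remedies (filtering browser data, and logging errors instead of displaying them) side by side with the dangerous pattern. This is an added example, not code from the original page. It assumes Python's sqlite3 module as a stand-in for the real database; the table, logger name, allow-list pattern and function names are hypothetical.

```python
import logging
import re
import sqlite3

log = logging.getLogger("webapp.db")      # hypothetical logger name
log.addHandler(logging.NullHandler())     # a deployment attaches a file handler
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # assumed allow-list for this field
GENERIC_ERROR = "An internal error occurred."

def make_db():
    """Constructed sample data; sqlite3 stands in for the real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return conn

def lookup_unsafe(conn, name):
    """Dangerous pattern: browser data concatenated into the statement,
    raw database error echoed to the page."""
    try:
        sql = "SELECT email FROM users WHERE name = '" + name + "'"
        return ", ".join(row[0] for row in conn.execute(sql))
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc      # leaks query details publicly

def lookup_safe(conn, name):
    """Remedy: validate, bind the value as a parameter, log errors privately."""
    if not NAME_RE.fullmatch(name):
        log.warning("rejected name input: %r", name)
        return ""
    try:
        rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
        return ", ".join(row[0] for row in rows)
    except sqlite3.Error:
        log.exception("user lookup failed")   # details go to the log only
        return GENERIC_ERROR

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"                  # constructed injection input
    print("unsafe:", lookup_unsafe(db, crafted))   # every row comes back
    print("unsafe:", lookup_unsafe(db, "'"))       # error text shown to user
    print("safe:  ", repr(lookup_safe(db, crafted)))
    print("safe:  ", lookup_safe(sqlite3.connect(":memory:"), "alice"))
```

The parameter placeholder keeps the submitted value out of the SQL text even if the allow-list is later loosened, so the two checks back each other up.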