Hazard: No security vulnerabilities were scanned.
Consequences: The operating system and the network program itself vulnerabilities were discovered by hackers, the database was compromised.
Remediation: Always keep up to date with security patches and periodically scan using the vulnerability assessment tool.
Risk: Enumerate SQL Server Resolution services.
Consequences: An attacker can obtain database information, or cache overflow attacks, sqlping even if the database instance does not listen for the default port to play a role.
Remediation: Filtering access requests for IP that is not authenticated.
Hazard: Weak sa password or no password set.
Consequence: Hackers enter the database by cracking passwords.
Remediation: Set a strong password, and do not leave any blank password database account.
Hazard: The Web program connected to the database does not filter SQL injection.
Consequence: The hacker injected the SQL instruction into the normal data and submitted it to the server.
Remediation: Verifies and filters data from browsers and cannot be submitted directly to the database.
Danger: Google hacks.
Consequences: Hackers use search engines to search the Web program's SQL error page, find information, vulnerabilities and even see the password directly.
Remedy: Catch your error, don't let the program output the error message to the public page, but write log.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
