Home Page Icon
Home Page
Table of Contents for
Part I: Introduction
Close
Part I: Introduction
by Bill Grindlay, John Heasman, Chris Anley, David Litchfield
The Database Hacker's Handbook: Defending Database Servers
Cover Page
Title Page
Copyright
Dedication
About the Author
Credits
Contents
Preface
Who This Book Is For
What This Book Covers
How This Book Is Structured
What You Need to Use This Book
Companion Web Site
Acknowledgements
Introduction
Part I: Introduction
CHAPTER 1: Why Care About Database Security?
Which Database Is the Most Secure?
The State of Database Security Research
So What Does It All Mean?
Finding Flaws in Your Database Server
Conclusion
Part II: Oracle
CHAPTER 2: The Oracle Architecture
Examining the Oracle Architecture
The Oracle RDBMS
The Oracle Intelligent Agent
Oracle Authentication and Authorization
Database Authentication
CHAPTER 3: Attacking Oracle
Scanning for Oracle Servers
Oracle's PL/SQL
PL/SQL Injection
Injecting into DELETE, INSERT, and UPDATE Statements
Injecting into Anonymous PL/SQL Blocks
Executing User-Supplied Queries with DBMS_SQL
Real-World Examples
PL/SQL and Oracle Application Server
Summary
CHAPTER 4: Oracle: Moving Further into the Network
Running Operating System Commands
Accessing the File System
Accessing the Network
PL/SQL and the Network
Summary
CHAPTER 5: Securing Oracle
Oracle Security Recommendations
Oracle Database Server
Part III: DB2
CHAPTER 6: IBM DB2 Universal Database
Introduction
DB2 Deployment Scenarios
DB2 Processes
DB2 Physical Database Layout
DB2 Logical Database Layout
DB2 Authentication and Authorization
Authorization
Summary
CHAPTER 7: DB2: Discovery, Attack, and Defense
Finding DB2 on the Network
CHAPTER 8: Attacking DB2
Buffer Overflows in DB2 Procedures and Functions
DB2 Remote Command Server
Running Commands Through DB2
Gaining Access to the Filesystem Through DB2
Local Attacks Against DB2
Summary
CHAPTER 9: Securing DB2
Securing the Operating System
Securing the DB2 Network Interface
Securing the DBMS
Remove Unnecessary Components
And Finally . . .
Part IV: Informix
CHAPTER 10: The Informix Architecture
Examining the Informix Architecture
The Informix Logical Layout
CHAPTER 11: Informix: Discovery, Attack, and Defense
Attacking and Defending Informix
Attacking Informix with Stored Procedural Language (SPL)
SQL Buffer Overflows in Informix
Summary
CHAPTER 12: Securing Informix
Keep the Server Patched
Encrypt Network Traffic
Revoke the Connect Privilege from Public
Enable Auditing
Revoke Public Permissions on File Access Routines
Revoke Public Execute Permissions on Module Routines
Preventing Shared Memory from Being Dumped
Preventing Local Attacks on Unix-Based Servers
Restrict Language Usage
Useful Documents
Part V: Sybase ASE
CHAPTER 13: Sybase Architecture
Sybase Background
History
Stand-Out Features
CHAPTER 14: Sybase: Discovery, Attack, and Defense
Finding Targets
Attacking Sybase
MS SQL Server Injection Techniques in Sybase
External Filesystem Access
Defending Against Attacks
Older Known Sybase ASE Security Bugs
Sybase Version Tool
CHAPTER 15: Sybase: Moving Further into the Network
Accessing the Network
Connecting to Other Servers with Sybase
Java in SQL
Trojanning Sybase
CHAPTER 16: Securing Sybase
Sybase Security Checklist
Background
Operating System
Sybase Users
Sybase Configuration
Part VI: MySQL
CHAPTER 17: MySQL Architecture
Examining the Physical Database Architecture
Examining the Logical Database Architecture
Exploiting Architectural Design Flaws
CHAPTER 18: MySQL: Discovery, Attack, and Defense
Finding Targets
Hacking MySQL
Local Attacks Against MySQL
The MySQL File Structure Revisited
CHAPTER 19: MySQL: Moving Further into the Network
MySQL Client Hash Authentication Patch
Running External Programs: User-Defined Functions
User-Defined Functions in Windows
Summary
CHAPTER 20: Securing MySQL
MySQL Security Checklist
Background
Operating System
MySQL Users
MySQL Configuration
Routine Audit
Part VII: SQL Server
CHAPTER 21: Microsoft SQL Server Architecture
SQL Server Background
Physical Architecture
Logical Architecture
Users and Groups
CHAPTER 22: SQL Server: Exploitation, Attack, and Defense
Exploitation
Exploiting Design Flaws
SQL Injection
Covering Tracks
CHAPTER 23: Securing SQL Server
Installation
Configuration
Part VIII: PostgreSQL
CHAPTER 24: The PostgreSQL Architecture
Examining the Physical Database Architecture
The PostgreSQL File Structure
CHAPTER 25: PostgreSQL: Discovery and Attack
Finding Targets
The PostgreSQL Protocol
Network-Based Attacks Against PostgreSQL
Information Leakage from Compromised Resources
Known PostgreSQL Bugs
SQL Injection with PostgreSQL
Interacting with the Filesystem
Summary
CHAPTER 26: Securing PostgreSQL
APPENDIX A: Example C Code for a Time-Delay SQL Injection Harness
APPENDIX B: Dangerous Extended Stored Procedures
Registry
System
E-Mail
OLE Automation
APPENDIX C: Oracle Default Usernames and Passwords
Index
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Introduction
Next
Next Chapter
CHAPTER 1: Why Care About Database Security?
PART I
Introduction
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset