MaxStocker.com   MaxStocker.com    
   
Home About Blog Stuff Contact
 
   
 

August 2008

Mac Mail Sillyness
Posted : Sat August 30th

Can a community change?
Posted : Wed August 27th

Enough with the AJAX already
Posted : Tue August 26th

Fun with Tomcat
Posted : Sat August 23rd

Design trickyness
Posted : Tue August 19th

Garbage in, garbage out
Posted : Mon August 18th

The hidden costs of older apps
Posted : Sun August 17th

Closing JDBC resources
Posted : Fri August 15th

Accident or Google Conspiracy
Posted : Wed August 13th

Excitement
Posted : Fri August 8th

Time for ISP responsibility
Posted : Fri July 25th

Keep a lid on it
Posted : Tue July 22nd

4 minutes till doomsday
Posted : Tue July 15th

It's your name, you should own it
Posted : Mon July 14th

Recent Comments

Max in Whose blog is it anyway?
on Mon May 10th

Rob in Whose blog is it anyway?
on Fri May 7th

Anonymous in SEO and the magic beans
on Thu April 8th

Max in SEO and the magic beans
on Thu April 8th

n.o. in SEO and the magic beans
on Thu April 8th

silky in Right way, wrong way
on Fri February 19th

Categories

Technical
69 Entries

Security
18 Entries

Java
23 Entries

Privacy
6 Entries

Database
11 Entries

Internet
58 Entries

Business
31 Entries

Site Updates
19 Entries

Personal
86 Entries

RSS Feed RSS Feed

Tag Cloud

Excitement
Posted : Friday August 8th, 2008

So... it's been kind of an interesting time lately. Some servers that I am looking after as the usual admin is away on vacation were hacked. There was both a SQL injection attack against a website and there was a direct attack of the back end database as well.

Some code patching and a firewall helped. Not sure why the firewall wasn't already in place...

I do find SQL server's security options both complex and limited.

Tags

firewall  hacking  work 

Categories

Security  Personal 

Comments

silky - Aug 9th 2008 1:15 AM
 
I'm fairly sure, that least in sql2k5, "schema's" are where it's at for 'role-based' style security. can't say i feel like caring too much about it though.

but it's probably worth considering.

Max - Aug 13th 2008 3:52 AM
 
I guess what I find is that as per usual with Microsoft the security model is complex and generally useless.

A Windows admin once remarked to me (back in the NT 4 days) that most of the admin features in NT server seemed to be solely designed to give admins a variety of methods to torture users.

I think he was on to something.

  
   
  Follow me on Twitter   My Facebook Profile   My LinkedIn Profile   RSS feed of my blog Home   |   About   |   Blog   |   Stuff   |   Contact   |   Privacy Policy  
   
  © 2008 Max Stocker