Security Analysis of MSSQL and MySQL

zhaozj2021-02-12  177

The database is the basis of e-commerce, finance, and ERP systems, usually saved important business partners and

Customer Information. Most enterprises, organizations, and government departments are stored in various databases, they

Some personal information is saved with these databases and also grasp the sensitive financial data. But the database usually does not like

Operating systems and networks are subject to security. Data is the lifeblood of enterprises, organizational, so choose

A secure database is critical. Large websites generally use Oracle or DB2, and small and medium-sized websites

Most use more flexible and compact MSSQL databases or MySQL databases. So, under the same conditions, micro

Soft MSSQL and free mysql which are more secure?

I have installed MSSQL and MySQL with the administrator account with the administrator account to measure in the same case.

Try their safety. My system is configured as follows: Operating System Microsoft Windows 2000 Version5.0,

SP4, FTP services and IIS services are installed, support ASP and PHP. The system has only one administrator account admin, guest

The account is not disabled.

1. System internal security analysis

1.Mysql database permissions control problem

MySQL's permission control is based on the mysql database, called an authorization form, including six tables

Column_Priv, DB, FUNC, HOST, TABLES_PRIV and USER. First use the desc user command to view non-

Often important User tables for query, now you can view his permissions.

Use the command Select Host, User, Password, Delete_Priv, Update_Priv, Drop_Priv from User;

This command reviews several dangerous permissions, the results are as follows:

Mysql> SELECT HOST, User, Password, Delete_Priv, Update_Priv, Drop_Priv from User

--------- ---- ------------------ --------- - ------------ -----------

| Host | User | Password | delete_priv | update_priv | Drop_priv |

--------- ---- ------------------ --------- - ------------ -----------

| Localhost | root | 0e4941f53f6fa106 | Y | Y | Y |

|% | Root | | Y | Y | Y |

| Localhost | | | Y | Y | Y |

|% | | | N | n | n |

--------- ---- ------------------ --------- - ------------ -----------

4 rows in set (0.00 sec)

The first article indicates that the machine uses the root to log in, with the delete record, modify the record, delete table, etc.

Ok, this is safe. Article 2 means that in any host, use root without a password, there is a delete record,

Modify the record, delete the license. Article 3 means that the unit is anonymous to log in, with deletion records, modified

Record, delete the license. The last article indicates that any host is anonymous, but there is no permission.

Obviously, second, third, four are not safe! The second note is not to say, in terms of article 3, even if you are guest permissions locally, you can also log in to the MySQL database and have all permissions. In this way, you can log

According to the library, I want to do it.

Workaround: If you don't need remote maintenance, remove the second, delete from user where

Host = "%" and user = "root"; or give it a strong password. Delete Article 3, Delete from

User where host = "localhost" and user = ""

2. Mysql installation directory issue

MySQL is installed by default to C: / mysql, but the deffault is EVERYONE full control, due to the inheritance of authority

Sex, c: / mysql is also fully controlled to Everyone, apparently, is not safe. Because malicious users can

Delete important data files.

Workaround: Reset access to the mysql directory. Or install mysql to another directory, if

You move MySQL to D: / MySQL, you must use

D: / mysql / bin / mysqld --Basedir D: / mysql to start mysqld, even need to modify its configuration

file.

3. MSSQL database permissions control problem

The authority control of the MSSQL database is based on the syslogins table of the Master library, and the account owns all permissions is

SA, there are other permissions and other permissions of Sysadmin, DB_OWNER. However, the maximum authority account of the MSSQL database

The default password of SA is empty, so if it is not paying attention, it will bring devastating disasters to data.

Malicious attackers can modify, delete all data, more important, MSSQL accounts can utilize extension execution

Command.

Workaround: Regularly check all login accounts to see if there is a password that does not meet the requirements.

Use master

SELECT NAME, Password from syslogins where password is null command checks if there is a space

The password account exists. Delete storage extensions as much as possible to prevent local users from using storage expansion to perform malicious commands.

Use master

The sp_dropextendedproc xp_cmdshell command deletes XP_cmdshell extensions.

4. MSSQL installation directory issue

Like MySQL, MSSQL is also installed to everyone fully controlled C drive, due to access control issues, most

It is well installed to non-systemic discs such as D-D-Diamount for strict privilege control. Moreover, since the MSSQL database is very close to the system combination,

The system administrator can also operate the database by selecting Windows authentication without the database password. Therefore, ordinary users have

You may increase your permissions through system vulnerabilities, and the database is destroyed.

Solution: In addition to strict access limitations, you have to check if the SQL Server log check is available.

Suspected login events, or use the dos command FINDSTR / C: "Login" D: / Microsoft SQL Server / MSSQL / LOG / *.

The security of MSSQL is closely combined with the security of Windows systems, and any vulnerability will threaten another security.

Summary, both MySQL and MSSQL do not meet the degree of satisfactory degree, account security, access rights

It's not very controlled. But MSSQL has a detailed log to view the login situation, which is better than MySQL. If

Reasonable settings, mysql is more secure, because of MSSQL, as long as system permissions can have database permissions. II. External network security analysis

1. Detection of database services

For safety, you can let the MySQL service run in the inside network, but if your machine has external network interface, MySQL will automatically bind

On the top of the Internet, exposed in the Internet, and the system will listen in the TCP 3306 port, which is very easy to be discovered by the port scan tool, no

Can guarantee data security. If by default, MSSQL opens the 1433 port listening of TCP. Although MSSQL can change the monitor port,

It is easy to know what TCP / IP ports used by SQL Server can be found through Microsoft's unprecedented 1434 ports. Go to UDP1434 port

Send a packet of 1 byte of content 02, the detected system returns the installed MSSQL service information, including: host name

Profile, instance name, version, pipe name, and ports used. This port is Microsoft's own use, and it is not like the default 1433 port.

The sample can be changed, and 1434 cannot be changed. A typical return information is as follows:

Servername; Sky; InstanceName; Sky; Isclustered; NO; Version; 8.00.194; TCP; 3341; Np; // SKY / PIPE / MSSQL $ XHT310 / SQL / Query;

It can be found that the MSSQL TCP port is changed to 3341, which opens the door to the attacker! As long as you will program knowledge,

It is easy to write a program for scanning the MSSQL service, and because of the UDP port, the general filtering is difficult to prevent.

The AWEN of the heaven wrote a probe, used by the C # language, the code is as follows:

Using system;

Using system.net.sockets;

Using system.net;

Using system.text;

Using system.threading;

Namespace ConsoleApplication3

{

Class class1

{

// Create a UDPCLIENT instance

PRIVATETIC UDPCLIENT M_CLIENT;

// Listen is used to get the return information

Public Static String Listen (String Hostip)

{

String hostip = hostip;

Ipaddress thisip = ipaddress.parse (Hostip);

IpendPoint Host = New IpendPoint (THISIP, 1434);

Byte [] data = m_client.receive (ref host);

ENCODING ASCII = Encoding.ASCII;

String strdata = ascii.getstring (data);

Return strdata;

}

// send

Public Static Void Send (String Hostip)

{

String hostip = hostip;

BYTE [] buffer = {02};

// 02 is the data to be sent, only 02, 03, 04 has a response

Int ecode = m_client.send (Buffer, 1, Hostip, 1434);

// eCode is used to return to successfully send

IF (ecode <= 0)

{

Console.writeline ("Error Send:" Ecode);

}

}

/ / Simple processing of the returned information

Public static void outputinfo (string strdata) {

String str = strdata;

//str.le

CHAR [] That = {';', ';'};

String [] strofthis = str.split (there);

// int i = 0

For (int i = 0; i {

Console.write (StroftHIS);

Console.write ('

');

}

}

// Enter IP

Public static string infuthostip ()

{

Console.write ("Enter the ip you want to scan:

");

String hostip = console.readline ();

Console.write ('

');

Return Hostip;

}

// EXIT

Public static void exit ()

{

Console.writeline ("if you want to exit, Just Input 1

");

INT a = console.read ();

IF (a! = 1)

{

Console.writeline ("if you want to exit, Just Input 1

");

Console.read ();

}

Else

{

}

}

[Stathread]

Static void main (string [] args)

{

String hostip;

Hostip = INPUTHOSTIP ();

Console.writeline ("Begin to Send Udp to the Host);

m_client = new udpclient ();

Send (Hostip);

String strdata = listen (Hostip);

OutputInfo (strdata);

Exit ();

}

}

}

3 A typical return information

Servername; AWEN;

INSTANCENAME; AWEN;

ISClustered; NO;

Version; 8.00.194;

TCP; 1044; (TCP port, it is easy to find that the port is also easy to find)

Np; // awen / pipe / mssql $ xht310 / sql / query;

Solution: Install a firewall, or use the IPSec of the Windows 2000 system to limit the IP limit for the network connection, implement the IP packet

Safety. Limiting the IP connection, only ensuring that your IP can access, reject port connections to other IPs, and putting the security from the network

All threats are effectively controlled. What is important is to filter ports, including most of TCP and UDP ports, because only IP restrictions

If the malicious attacker is first attacking the host trusted by the database server, the database server is attacked as a feeder.

2. Database password detection

Password attacks include two, crack passwords and network monitors. Crack password is to use the tool-keep connection database to guess the password,

Includes dictionary attacks, violent attacks, and semi-violent semi-dictionary attacks between the two. Usually the attacker first uses a Dictionary attack method,

Semi-violent semi-dictionary attacks, violent attacks are seminated in turn. In the case of a good network, the computer operates is strong enough.

The password attack hazard is quite large. Network listening is to control a network device, run listening tools above, in the network

Password information. Network monitor can be divided into two, one is an external monitor, put the listening tool software to the network connection device or put on the computer that can control the network connection device, network connection device, such as gateway servers, such as a router and many more. Another one

The species is from internal monitors. For unsafe local area networks, data is propagated by broadcasting, as long as the network card is set to hybrid mode

The formula can be received, which is not a packet, which may of course include password information, etc.

Workaround: Disconnect the password, as long as the password is set to be strong enough, it can be shielded to the same IP address.

But for the listening, if the network is transmitted, if it is not encrypted, all network transfers are clear, including passwords, database content, etc.

Wait, no matter how complex password is not good, this is a big security threat. Therefore, in the case of the conditions, it is best to use SSL.

To encrypt the agreement, of course, you need a certificate to support. Moreover, for network monitoring, it should be found in time if the packet loss rate in the network is suddenly mentioned

High, then there is reason to suspect that the network is listening.

3. Script security

Scripting security itself is a very complex problem, enough to write a professional long analysis article, and I am not very inner, Mix, Envymask, Pskey, Angel, is more crazy, haha. script

Safety is mainly due to the lack of strict inspection of submitted data, and more dangerous symbols are "", "", "#", "-", "$",

"/"Wait. This problem was initially considered asp SQL Server problem, but soon found that its impact was very large, and someone continued

In-depth discovery in PHP MySQL, the problem will still exist, SAN has made a deep analysis of PHP, interested in safe focus to find his article. For script

It seems that there is no special solution, only relying on programmers' personal qualities ...

Summary, whether it is mysql, or MSSQL, in the external network, it is considerably threatened. In contrast, the threat of MSSQL is

Even more, in the past two years, MSSQL has exposed a number of remote overflow vulnerabilities. If the configuration is better, I think Mysql

Some of MSSQL, because new overflow vulnerabilities that will be exploded at any time are anti-fighting, and the SQL injection attack that can perform system commands is also terrible. Ok, it is limited to the space, this article ends here.

转载请注明原文地址:https://www.9cbs.com/read-6831.html

New Post(0)