The database is the basis of e-commerce, finance, and ERP systems, usually saved important business partners and
Customer Information. Most enterprises, organizations, and government departments are stored in various databases, they
Some personal information is saved with these databases and also grasp the sensitive financial data. But the database usually does not like
Operating systems and networks are subject to security. Data is the lifeblood of enterprises, organizational, so choose
A secure database is critical. Large websites generally use Oracle or DB2, and small and medium-sized websites
Most use more flexible and compact MSSQL databases or MySQL databases. So, under the same conditions, micro
Soft MSSQL and free mysql which are more secure?
I have installed MSSQL and MySQL with the administrator account with the administrator account to measure in the same case.
Try their safety. My system is configured as follows: Operating System Microsoft Windows 2000 Version5.0,
SP4, FTP services and IIS services are installed, support ASP and PHP. The system has only one administrator account admin, guest
The account is not disabled.
1. System internal security analysis
1.Mysql database permissions control problem
MySQL's permission control is based on the mysql database, called an authorization form, including six tables
Column_Priv, DB, FUNC, HOST, TABLES_PRIV and USER. First use the desc user command to view non-
Often important User tables for query, now you can view his permissions.
Use the command Select Host, User, Password, Delete_Priv, Update_Priv, Drop_Priv from User;
This command reviews several dangerous permissions, the results are as follows:
Mysql> SELECT HOST, User, Password, Delete_Priv, Update_Priv, Drop_Priv from User
--------- ---- ------------------ --------- - ------------ -----------
| Host | User | Password | delete_priv | update_priv | Drop_priv |
--------- ---- ------------------ --------- - ------------ -----------
| Localhost | root | 0e4941f53f6fa106 | Y | Y | Y |
|% | Root | | Y | Y | Y |
| Localhost | | | Y | Y | Y |
|% | | | N | n | n |
--------- ---- ------------------ --------- - ------------ -----------
4 rows in set (0.00 sec)
The first article indicates that the machine uses the root to log in, with the delete record, modify the record, delete table, etc.
Ok, this is safe. Article 2 means that in any host, use root without a password, there is a delete record,
Modify the record, delete the license. Article 3 means that the unit is anonymous to log in, with deletion records, modified
Record, delete the license. The last article indicates that any host is anonymous, but there is no permission.
Obviously, second, third, four are not safe! The second note is not to say, in terms of article 3, even if you are guest permissions locally, you can also log in to the MySQL database and have all permissions. In this way, you can log
According to the library, I want to do it.
Workaround: If you don't need remote maintenance, remove the second, delete from user where
Host = "%" and user = "root"; or give it a strong password. Delete Article 3, Delete from
User where host = "localhost" and user = ""
2. Mysql installation directory issue
MySQL is installed by default to C: / mysql, but the deffault is EVERYONE full control, due to the inheritance of authority
Sex, c: / mysql is also fully controlled to Everyone, apparently, is not safe. Because malicious users can
Delete important data files.
Workaround: Reset access to the mysql directory. Or install mysql to another directory, if
You move MySQL to D: / MySQL, you must use
D: / mysql / bin / mysqld --Basedir D: / mysql to start mysqld, even need to modify its configuration
file.
3. MSSQL database permissions control problem
The authority control of the MSSQL database is based on the syslogins table of the Master library, and the account owns all permissions is
SA, there are other permissions and other permissions of Sysadmin, DB_OWNER. However, the maximum authority account of the MSSQL database
The default password of SA is empty, so if it is not paying attention, it will bring devastating disasters to data.
Malicious attackers can modify, delete all data, more important, MSSQL accounts can utilize extension execution
Command.
Workaround: Regularly check all login accounts to see if there is a password that does not meet the requirements.
Use master
SELECT NAME, Password from syslogins where password is null command checks if there is a space
The password account exists. Delete storage extensions as much as possible to prevent local users from using storage expansion to perform malicious commands.
Use master
The sp_dropextendedproc xp_cmdshell command deletes XP_cmdshell extensions.
4. MSSQL installation directory issue
Like MySQL, MSSQL is also installed to everyone fully controlled C drive, due to access control issues, most
It is well installed to non-systemic discs such as D-D-Diamount for strict privilege control. Moreover, since the MSSQL database is very close to the system combination,
The system administrator can also operate the database by selecting Windows authentication without the database password. Therefore, ordinary users have
You may increase your permissions through system vulnerabilities, and the database is destroyed.
Solution: In addition to strict access limitations, you have to check if the SQL Server log check is available.
Suspected login events, or use the dos command FINDSTR / C: "Login" D: / Microsoft SQL Server / MSSQL / LOG / *.
The security of MSSQL is closely combined with the security of Windows systems, and any vulnerability will threaten another security.
Summary, both MySQL and MSSQL do not meet the degree of satisfactory degree, account security, access rights
It's not very controlled. But MSSQL has a detailed log to view the login situation, which is better than MySQL. If
Reasonable settings, mysql is more secure, because of MSSQL, as long as system permissions can have database permissions. II. External network security analysis
1. Detection of database services
For safety, you can let the MySQL service run in the inside network, but if your machine has external network interface, MySQL will automatically bind
On the top of the Internet, exposed in the Internet, and the system will listen in the TCP 3306 port, which is very easy to be discovered by the port scan tool, no
Can guarantee data security. If by default, MSSQL opens the 1433 port listening of TCP. Although MSSQL can change the monitor port,
It is easy to know what TCP / IP ports used by SQL Server can be found through Microsoft's unprecedented 1434 ports. Go to UDP1434 port
Send a packet of 1 byte of content 02, the detected system returns the installed MSSQL service information, including: host name
Profile, instance name, version, pipe name, and ports used. This port is Microsoft's own use, and it is not like the default 1433 port.
The sample can be changed, and 1434 cannot be changed. A typical return information is as follows:
Servername; Sky; InstanceName; Sky; Isclustered; NO; Version; 8.00.194; TCP; 3341; Np; // SKY / PIPE / MSSQL $ XHT310 / SQL / Query;
It can be found that the MSSQL TCP port is changed to 3341, which opens the door to the attacker! As long as you will program knowledge,
It is easy to write a program for scanning the MSSQL service, and because of the UDP port, the general filtering is difficult to prevent.
The AWEN of the heaven wrote a probe, used by the C # language, the code is as follows:
Using system;
Using system.net.sockets;
Using system.net;
Using system.text;
Using system.threading;
Namespace ConsoleApplication3
{
Class class1
{
// Create a UDPCLIENT instance
PRIVATETIC UDPCLIENT M_CLIENT;
// Listen is used to get the return information
Public Static String Listen (String Hostip)
{
String hostip = hostip;
Ipaddress thisip = ipaddress.parse (Hostip);
IpendPoint Host = New IpendPoint (THISIP, 1434);
Byte [] data = m_client.receive (ref host);
ENCODING ASCII = Encoding.ASCII;
String strdata = ascii.getstring (data);
Return strdata;
}
// send
Public Static Void Send (String Hostip)
{
String hostip = hostip;
BYTE [] buffer = {02};
// 02 is the data to be sent, only 02, 03, 04 has a response
Int ecode = m_client.send (Buffer, 1, Hostip, 1434);
// eCode is used to return to successfully send
IF (ecode <= 0)
{
Console.writeline ("Error Send:" Ecode);
}
}
/ / Simple processing of the returned information
Public static void outputinfo (string strdata) {
String str = strdata;
//str.le
CHAR [] That = {';', ';'};
String [] strofthis = str.split (there);
// int i = 0
For (int i = 0; i {
Console.write (StroftHIS);
Console.write ('
');
}
}
// Enter IP
Public static string infuthostip ()
{
Console.write ("Enter the ip you want to scan:
");
String hostip = console.readline ();
Console.write ('
');
Return Hostip;
}
// EXIT
Public static void exit ()
{
Console.writeline ("if you want to exit, Just Input 1
");
INT a = console.read ();
IF (a! = 1)
{
Console.writeline ("if you want to exit, Just Input 1
");
Console.read ();
}
Else
{
}
}
[Stathread]
Static void main (string [] args)
{
String hostip;
Hostip = INPUTHOSTIP ();
Console.writeline ("Begin to Send Udp to the Host);
m_client = new udpclient ();
Send (Hostip);
String strdata = listen (Hostip);
OutputInfo (strdata);
Exit ();
}
}
}
3 A typical return information
Servername; AWEN;
INSTANCENAME; AWEN;
ISClustered; NO;
Version; 8.00.194;
TCP; 1044; (TCP port, it is easy to find that the port is also easy to find)
Np; // awen / pipe / mssql $ xht310 / sql / query;
Solution: Install a firewall, or use the IPSec of the Windows 2000 system to limit the IP limit for the network connection, implement the IP packet
Safety. Limiting the IP connection, only ensuring that your IP can access, reject port connections to other IPs, and putting the security from the network
All threats are effectively controlled. What is important is to filter ports, including most of TCP and UDP ports, because only IP restrictions
If the malicious attacker is first attacking the host trusted by the database server, the database server is attacked as a feeder.
2. Database password detection
Password attacks include two, crack passwords and network monitors. Crack password is to use the tool-keep connection database to guess the password,
Includes dictionary attacks, violent attacks, and semi-violent semi-dictionary attacks between the two. Usually the attacker first uses a Dictionary attack method,
Semi-violent semi-dictionary attacks, violent attacks are seminated in turn. In the case of a good network, the computer operates is strong enough.
The password attack hazard is quite large. Network listening is to control a network device, run listening tools above, in the network
Password information. Network monitor can be divided into two, one is an external monitor, put the listening tool software to the network connection device or put on the computer that can control the network connection device, network connection device, such as gateway servers, such as a router and many more. Another one
The species is from internal monitors. For unsafe local area networks, data is propagated by broadcasting, as long as the network card is set to hybrid mode
The formula can be received, which is not a packet, which may of course include password information, etc.
Workaround: Disconnect the password, as long as the password is set to be strong enough, it can be shielded to the same IP address.
But for the listening, if the network is transmitted, if it is not encrypted, all network transfers are clear, including passwords, database content, etc.
Wait, no matter how complex password is not good, this is a big security threat. Therefore, in the case of the conditions, it is best to use SSL.
To encrypt the agreement, of course, you need a certificate to support. Moreover, for network monitoring, it should be found in time if the packet loss rate in the network is suddenly mentioned
High, then there is reason to suspect that the network is listening.
3. Script security
Scripting security itself is a very complex problem, enough to write a professional long analysis article, and I am not very inner, Mix, Envymask, Pskey, Angel, is more crazy, haha. script
Safety is mainly due to the lack of strict inspection of submitted data, and more dangerous symbols are "", "", "#", "-", "$",
"/"Wait. This problem was initially considered asp SQL Server problem, but soon found that its impact was very large, and someone continued
In-depth discovery in PHP MySQL, the problem will still exist, SAN has made a deep analysis of PHP, interested in safe focus to find his article. For script
It seems that there is no special solution, only relying on programmers' personal qualities ...
Summary, whether it is mysql, or MSSQL, in the external network, it is considerably threatened. In contrast, the threat of MSSQL is
Even more, in the past two years, MSSQL has exposed a number of remote overflow vulnerabilities. If the configuration is better, I think Mysql
Some of MSSQL, because new overflow vulnerabilities that will be exploded at any time are anti-fighting, and the SQL injection attack that can perform system commands is also terrible. Ok, it is limited to the space, this article ends here.
