The following are the countermeasures against database attacks:

* Input Sanitization: The Database Administrator must sanitize any input received from a user. The data submitted should be checked for data type (integer, string, and so on) and stripped of any undesirable characters, such as meta-characters.
* Adherence to strong firewall rules: Be sure to check firewall rules from time to time and always block any database access ports, such as TCP and UDP 1434 (MS SQL) and TCP 1521-1530 (Oracle).
* Modification of error reports: To avoid a SQL injection, the developer should handle or configure error reports in such a way that the error is not visible to outside users. In these error reports, a full query is sometimes shown, pointing to the syntax error involved, and the attacker could use it for further attacks. A display of errors should be restricted only to internal users.
* Stored procedure removal: Be sure to remove all stored procedures (including extended stored procedures) from the entire database. These seemingly innocent scripts can help an attacker topple even the most secure databases.
* Session encryption: When a database server is separate from a Web server, be sure to encrypt the session stream using any method, such as using IPSec native to Windows 2000.
* Least privilege: The default system account (sa) for SQL Server 2000 should never be used.
* Escape quotes: Replace all single quotes with two single quotes.

Explore More

Hackers launch phishing attack on Facebook users

We have been written many articles about phishing attack on Websites but Now, Hackers launched an attack on Facebook’s 200 million users on Thursday, successfully gathering passwords from some of

Batten down the Hatches—10-Minute Tactics

The simplest way to defend your computer quickly against hackers is to use a firewall. So let’s look at your two fastest options. Either can be done in 10 minutes.Turn

Critical SQL Injection in Stamps Myanmar

PlanetCreator has reported another critical SQL Injection (vulnerability) on Stamps Myanmar http://www.stampsmyanmar.com and powered by indexmyanmar SQL injection is a code injection technique that exploits a security vulnerability occurring in