The Database Hacker's Handbook: Defending Database Servers

Book Description

Databases are the nerve center of our economy. Every piece of your personal information is stored there: medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling, and relentless.

In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.

* Identify and plug the new holes in Oracle and Microsoft® SQL Server

* Learn the best defenses for IBM's DB2®, PostgreSQL, Sybase ASE, and MySQL® servers

* Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access

* Recognize vulnerabilities peculiar to each database

* Find out what the attackers already know

Go to www.wiley.com/go/dbhackershandbook for code samples, security alerts, and programs available for download.

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright
  4. Dedication
  5. About the Author
  6. Credits
  7. Contents
  8. Preface
    1. Who This Book Is For
    2. What This Book Covers
    3. How This Book Is Structured
    4. What You Need to Use This Book
    5. Companion Web Site
  9. Acknowledgements
  10. Introduction
  11. Part I: Introduction
    1. CHAPTER 1: Why Care About Database Security?
      1. Which Database Is the Most Secure?
      2. The State of Database Security Research
      3. So What Does It All Mean?
      4. Finding Flaws in Your Database Server
      5. Conclusion
  12. Part II: Oracle
    1. CHAPTER 2: The Oracle Architecture
      1. Examining the Oracle Architecture
      2. The Oracle RDBMS
      3. The Oracle Intelligent Agent
      4. Oracle Authentication and Authorization
      5. Database Authentication
    2. CHAPTER 3: Attacking Oracle
      1. Scanning for Oracle Servers
      2. Oracle's PL/SQL
      3. PL/SQL Injection
      4. Injecting into DELETE, INSERT, and UPDATE Statements
      5. Injecting into Anonymous PL/SQL Blocks
      6. Executing User-Supplied Queries with DBMS_SQL
      7. Real-World Examples
      8. PL/SQL and Oracle Application Server
      9. Summary
    3. CHAPTER 4: Oracle: Moving Further into the Network
      1. Running Operating System Commands
      2. Accessing the File System
      3. Accessing the Network
      4. PL/SQL and the Network
      5. Summary
    4. CHAPTER 5: Securing Oracle
      1. Oracle Security Recommendations
      2. Oracle Database Server
  13. Part III: DB2
    1. CHAPTER 6: IBM DB2 Universal Database
      1. Introduction
      2. DB2 Deployment Scenarios
      3. DB2 Processes
      4. DB2 Physical Database Layout
      5. DB2 Logical Database Layout
      6. DB2 Authentication and Authorization
      7. Authorization
      8. Summary
    2. CHAPTER 7: DB2: Discovery, Attack, and Defense
      1. Finding DB2 on the Network
    3. CHAPTER 8: Attacking DB2
      1. Buffer Overflows in DB2 Procedures and Functions
      2. DB2 Remote Command Server
      3. Running Commands Through DB2
      4. Gaining Access to the Filesystem Through DB2
      5. Local Attacks Against DB2
      6. Summary
    4. CHAPTER 9: Securing DB2
      1. Securing the Operating System
      2. Securing the DB2 Network Interface
      3. Securing the DBMS
      4. Remove Unnecessary Components
      5. And Finally . . .
  14. Part IV: Informix
    1. CHAPTER 10: The Informix Architecture
      1. Examining the Informix Architecture
      2. The Informix Logical Layout
    2. CHAPTER 11: Informix: Discovery, Attack, and Defense
      1. Attacking and Defending Informix
      2. Attacking Informix with Stored Procedural Language (SPL)
      3. SQL Buffer Overflows in Informix
      4. Summary
    3. CHAPTER 12: Securing Informix
      1. Keep the Server Patched
      2. Encrypt Network Traffic
      3. Revoke the Connect Privilege from Public
      4. Enable Auditing
      5. Revoke Public Permissions on File Access Routines
      6. Revoke Public Execute Permissions on Module Routines
      7. Preventing Shared Memory from Being Dumped
      8. Preventing Local Attacks on Unix-Based Servers
      9. Restrict Language Usage
      10. Useful Documents
  15. Part V: Sybase ASE
    1. CHAPTER 13: Sybase Architecture
      1. Sybase Background
      2. History
      3. Stand-Out Features
    2. CHAPTER 14: Sybase: Discovery, Attack, and Defense
      1. Finding Targets
      2. Attacking Sybase
      3. MS SQL Server Injection Techniques in Sybase
      4. External Filesystem Access
      5. Defending Against Attacks
      6. Older Known Sybase ASE Security Bugs
      7. Sybase Version Tool
    3. CHAPTER 15: Sybase: Moving Further into the Network
      1. Accessing the Network
      2. Connecting to Other Servers with Sybase
      3. Java in SQL
      4. Trojanning Sybase
    4. CHAPTER 16: Securing Sybase
      1. Sybase Security Checklist
      2. Background
      3. Operating System
      4. Sybase Users
      5. Sybase Configuration
  16. Part VI: MySQL
    1. CHAPTER 17: MySQL Architecture
      1. Examining the Physical Database Architecture
      2. Examining the Logical Database Architecture
      3. Exploiting Architectural Design Flaws
    2. CHAPTER 18: MySQL: Discovery, Attack, and Defense
      1. Finding Targets
      2. Hacking MySQL
      3. Local Attacks Against MySQL
      4. The MySQL File Structure Revisited
    3. CHAPTER 19: MySQL: Moving Further into the Network
      1. MySQL Client Hash Authentication Patch
      2. Running External Programs: User-Defined Functions
      3. User-Defined Functions in Windows
      4. Summary
    4. CHAPTER 20: Securing MySQL
      1. MySQL Security Checklist
      2. Background
      3. Operating System
      4. MySQL Users
      5. MySQL Configuration
      6. Routine Audit
  17. Part VII: SQL Server
    1. CHAPTER 21: Microsoft SQL Server Architecture
      1. SQL Server Background
      2. Physical Architecture
      3. Logical Architecture
      4. Users and Groups
    2. CHAPTER 22: SQL Server: Exploitation, Attack, and Defense
      1. Exploitation
      2. Exploiting Design Flaws
      3. SQL Injection
      4. Covering Tracks
    3. CHAPTER 23: Securing SQL Server
      1. Installation
      2. Configuration
  18. Part VIII: PostgreSQL
    1. CHAPTER 24: The PostgreSQL Architecture
      1. Examining the Physical Database Architecture
      2. The PostgreSQL File Structure
    2. CHAPTER 25: PostgreSQL: Discovery and Attack
      1. Finding Targets
      2. The PostgreSQL Protocol
      3. Network-Based Attacks Against PostgreSQL
      4. Information Leakage from Compromised Resources
      5. Known PostgreSQL Bugs
      6. SQL Injection with PostgreSQL
      7. Interacting with the Filesystem
      8. Summary
    3. CHAPTER 26: Securing PostgreSQL
  19. APPENDIX A: Example C Code for a Time-Delay SQL Injection Harness
  20. APPENDIX B: Dangerous Extended Stored Procedures
    1. Registry
    2. System
    3. E-Mail
    4. OLE Automation
  21. APPENDIX C: Oracle Default Usernames and Passwords
  22. Index