Attacks on database management systems

Posted: September 14, 2012 in Articles

Protecting databases is one of the easiest security tasks. This is because databases have a well-defined internal structure, and the operations on DBMS elements are clearly defined. There are four main operations: search, insert, delete and replace an item. Other operations are auxiliary and fairly rare. This strict, well-defined structure of operations simplifies the problem of protecting databases. In most cases, hackers prefer to break the protection of the computer system at the operating-system level and access the database files through the operating system. However, if the DBMS in use lacks sufficiently robust defense mechanisms, or is a poorly tested version that contains errors, or if the database administrator made mistakes in defining the security policy, a hacker may well be able to overcome the protection implemented at the DBMS level.

In addition, there are two attack scenarios specific to DBMSs, and protecting against them requires special techniques. In the first, the results of arithmetic operations on numeric fields are rounded down, and the difference is added to some other database record (usually the record holds the hacker's personal bank account, while the rounded numeric fields belong to the accounts of other customers of the bank). In the second, the hacker gains access to the fields of database records for which only statistical information is available. The idea of this attack is to formulate a query so cleverly that the set of records over which the statistics are collected consists of only one record.
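A defensive check for the second scenario, added here as an example and not part of the original article: a statistics function that refuses any aggregate whose query set is too small or covers nearly the whole table. The `staff` table, its rows, the threshold `MIN_SET` and the function names are all constructed for illustration.

```python
import sqlite3

MIN_SET = 3                    # assumed threshold k; set it per data-sensitivity policy
FILTERABLE = {"dept", "city"}  # only these columns may appear in a filter

# Constructed sample data: (name, dept, city, salary)
ROWS = [
    ("ann", "ops", "Riga", 4100), ("bob", "ops", "Riga", 3900),
    ("cy", "ops", "Oslo", 4300), ("dee", "dev", "Riga", 5200),
    ("eli", "dev", "Oslo", 5000), ("fay", "dev", "Oslo", 5400),
    ("gus", "sec", "Oslo", 6100), ("hal", "ops", "Oslo", 4000),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (name TEXT, dept TEXT, city TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?, ?)", ROWS)
    return conn

class QuerySetTooSmall(Exception):
    """Raised when an aggregate would describe too few (or almost all) records."""

def avg_salary(conn, filters, k=MIN_SET):
    """Return AVG(salary) only if the query set size c satisfies k <= c <= n - k."""
    unknown = set(filters) - FILTERABLE
    if unknown:
        raise ValueError(f"filter on non-whitelisted column: {sorted(unknown)}")
    cols = sorted(filters)
    # Column names come from the whitelist; values are bound as parameters.
    where = " AND ".join(f"{c} = ?" for c in cols) or "1 = 1"
    params = [filters[c] for c in cols]
    total = conn.execute("SELECT COUNT(*) FROM staff").fetchone()[0]
    count, avg = conn.execute(
        f"SELECT COUNT(*), AVG(salary) FROM staff WHERE {where}", params
    ).fetchone()
    # Lower bound: refuse sets that narrow down to one or a few records.
    # Upper bound: refuse sets covering all but a few records, which would
    # describe those few records by difference against the whole table.
    if count < k or count > total - k:
        raise QuerySetTooSmall(f"query set of {count} records refused")
    return avg
```

A size limit on its own does not cover an attacker who combines several permitted, overlapping queries, so it is normally paired with query auditing or noise added to the results.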
