SQL Database Security?

jpkennedy79 Member Posts: 28
Just going through old posts and I see that /usr was hit with some SQL Database Security questions on his exam. My question to you all is, has anyone else encountered these questions? Would they be considered questions that CompTIA does not actually count in the grading process? Thanks

Comments

  • /usr Member Posts: 1,768
    You won't see SQL database questions on Security+ unless they've changed it.

    I don't think...are you sure you were looking at the right post?
  • jpkennedy79 Member Posts: 28
    /usr wrote:
    You won't see SQL database questions on Security+ unless they've changed it.

    I don't think...are you sure you were looking at the right post?

    You posted it here:
    http://www.techexams.net/forums/viewtopic.php?t=3707
  • /usr Member Posts: 1,768
    I don't remember what the question was.

    I know that SQL Security isn't covered in any of the material I have. I hate to say this, but don't worry about it. Study the material you've got and make sure you know it well, you'll do fine on the exam.
  • fondue Member Posts: 104
    I don't remember getting any SQL questions, but if you do it will probably revolve around changing the default passwords or disabling the default accounts.

    Basically, IT best practices: change all default passwords. If you don't disable or change the password it may be possible to inject SQL commands with the permission of the root\admin user and that ain't good.

    (my MySQL is a little rusty, but I think this will do it)
    $ mysql -u root
    mysql> DROP DATABASE the_most_important_db;
  • /usr Member Posts: 1,768
    Worth mentioning is the cause for most SQL server problems, that is ISAPI.DLL.
  • /usr Member Posts: 1,768
    When doing SQL injection, you'll want to pay more attention to what context the exploited process is running under, not necessarily the login, since you don't login to perform SQL injection.

    fondue is right though, you definitely want to change default passwords, as the default admin password for SQL is very weak.
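
The default-account advice and the point about which context an injected statement runs under, shown as an added example that is not part of any poster's comment. It assumes MySQL 8.0; the schema `shop`, the account `shop_app` and the password placeholders are hypothetical.

```sql
-- Added example. Assumes MySQL 8.0; 'shop' and 'shop_app' are hypothetical names.

-- 1. List accounts with no stored password, plus anonymous accounts.
--    Accounts that use a socket/OS authentication plugin also have an empty
--    authentication_string, so read the plugin column before changing anything.
SELECT user, host, plugin, account_locked
FROM mysql.user
WHERE authentication_string = ''
   OR authentication_string IS NULL
   OR user = '';

-- 2. List administrative accounts that are reachable from other hosts.
SELECT user, host
FROM mysql.user
WHERE user = 'root'
  AND host NOT IN ('localhost', '127.0.0.1', '::1');

-- 3. Replace the default credential and remove the anonymous account.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';
DROP USER IF EXISTS ''@'localhost';

-- 4. Give the application its own account with only the rights it needs.
--    A statement injected through the application runs with this account's
--    privileges, so without DROP or ALTER it cannot remove the schema.
CREATE USER 'shop_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_APP_PASSWORD';
GRANT SELECT, INSERT, UPDATE ON shop.* TO 'shop_app'@'localhost';

-- 5. Confirm what the application account is actually allowed to do.
SHOW GRANTS FOR 'shop_app'@'localhost';
```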