SQL Database Security?

jpkennedy79 Member Posts: 28
Just going through old posts and I see that /usr was hit with some SQL Database Security questions on his exam. My question to you all is, has anyone else encountered these questions? Would they be considered questions that CompTIA does not actually count in the grading process? Thanks

Comments

  • /usr Member Posts: 1,768
    You won't see SQL database questions on Security+ unless they've changed it.

    I don't think...are you sure you were looking at the right post?
  • jpkennedy79 Member Posts: 28
    /usr wrote:
    You won't see SQL database questions on Security+ unless they've changed it.

    I don't think...are you sure you were looking at the right post?

    You posted it here:
    http://www.techexams.net/forums/viewtopic.php?t=3707
  • /usr Member Posts: 1,768
    I don't remember what the question was.

    I know that SQL Security isn't covered in any of the material I have. I hate to say this, but don't worry about it. Study the material you've got and make sure you know it well, you'll do fine on the exam.
  • fondue Member Posts: 104
    I don't remember getting any SQL questions, but if you do it will probably revolve around changing the default passwords or disabling the default accounts.

    Basically, IT best practices, change all default passwords. If you don't disable or change the password it may be possible to inject SQL commands with the permission of the root\admin user and that ain't good.

    (my MySQL is a little rusty, but I think this will do it)
    $ mysql -u root
    mysql> DROP DATABASE the_most_important_db;
  • /usr Member Posts: 1,768
    Worth mentioning is the cause for most SQL server problems, that is ISAPI.DLL.
  • /usr Member Posts: 1,768
    When doing SQL injection, you'll want to pay more attention to what context the exploited process is running under, not necessarily the login, since you don't log in to perform SQL injection.

    fondue is right though, you definitely want to change default passwords, as the default admin password for SQL is very weak.
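
The advice in the comments above (change default passwords, remove default accounts, and limit the rights of the account the application runs under), written out as an added example that is not part of the original posts. It assumes MySQL 5.7 or 8.0; the database `shop`, the account `webapp` and the password placeholders are hypothetical.

```sql
-- Added example: assumes MySQL 5.7+/8.0; 'shop' and 'webapp' are hypothetical names.

-- 1. Accounts that can log in with no password. auth_socket accounts are
--    excluded because they authenticate through the OS user, not a password.
SELECT user, host, plugin
FROM mysql.user
WHERE (authentication_string IS NULL OR authentication_string = '')
  AND plugin <> 'auth_socket';

-- 2. Anonymous accounts, and root reachable from non-local hosts.
SELECT user, host
FROM mysql.user
WHERE user = ''
   OR (user = 'root' AND host NOT IN ('localhost', '127.0.0.1', '::1'));

-- 3. Fix what the audit finds: set a real password, drop what is unused.
ALTER USER 'root'@'localhost' IDENTIFIED BY '<replace-with-generated-secret>';
DROP USER IF EXISTS ''@'localhost';

-- 4. The application connects as its own account, limited to row-level
--    operations on its own schema. Any statement injected through the
--    application runs with these rights only, so DROP DATABASE is refused.
CREATE USER 'webapp'@'localhost' IDENTIFIED BY '<replace-with-generated-secret>';
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'webapp'@'localhost';

-- 5. Confirm the result: no DROP, ALTER, FILE or GRANT OPTION should be listed.
SHOW GRANTS FOR 'webapp'@'localhost';
```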