Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: rarestia

Good discipline on the password complexity but there are numerous ways to hack databases without a password. MySQL just announced a bug where it allowed access 1 out of every 256 attempts without verifying the password.

Failure to patch databases is the most common reason.

My suggestion is to never allow your database server to be connected directly to the internet even with a firewall.


41 posted on 06/26/2012 12:50:19 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 28 | View Replies ]

To: driftdiver

I don’t use that sort of DB. Look up KeePass on SourceForge.net. It creates an encrypted database in which all of your passwords are stored. It’s really a great little program.

I installed it on a thumbdrive which I encrypted and paired to the TPM in my secure desktop. Any passwords I need are accessed from that thumbdrive and are inaccessible unless the thumbdrive is plugged into the secure desktop, the TPM is authenticated, and the 160 bit passkey is typed in to unencrypt the database. Essentially it’s 3-factor authentication.

I also use the encrypted thumbdrive to save my MSOutlook PST/OST files, my banking credentials, MSMoney DB, and Firefox profile. Now granted if I ever lost this thing or it was otherwise destroyed, I’d be hopelessly lost, but I treat this device like I treat my wallet.

You can never be too careful.


44 posted on 06/26/2012 1:05:51 PM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 41 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson