Results 1 to 6 of 6
  1. #1
    Join Date
    Feb 2009
    Posts
    9

    Unanswered: Is VIRUS attack possible on SQL-Data ?

    Hello masters,

    I wants to know that :

    1. Virus Attack is possible on Server which is allowing
    access from client machine only through SQL-Server instance service ?

    2. If virus attacked on Server, is Data-files will be safe ?


    Thanks

  2. #2
    Join Date
    Apr 2007
    Posts
    183
    1. Yes. The very minute the connection is made a potential virus could make use of that connection.
    2. No. Even if files are locked by SQL process noone knows how the virus is written.

  3. #3
    Join Date
    Dec 2007
    Location
    London, UK
    Posts
    741
    1. SQL Server can be vulnerable to various types of malicious attack. By far the most common are due to basic programming errors:

    CWE - 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

    It's also important to keep all your software up to date with the latest security patches.

    2. Depends. If the server is compromised in some way then it's quite possible that the database could be read or modified. Databases contain executable code and it does happen that malicious code gets inserted into the database - often hidden as data in tables. Those types of attack are almost entirely preventable however and when they happen it is due to sloppy coding practices, failure to apply the minimum permissions principle and poor quality control on the part of the database developers / DBAs.

  4. #4
    Join Date
    Feb 2009
    Posts
    9
    Thank you,
    Peso and dportas


    and so there must be regular backup

  5. #5
    Join Date
    Dec 2007
    Location
    London, UK
    Posts
    741
    Backups should go without saying but they don't necessarily help much against viruses or malicious code. If you don't notice an attack immediately you could have to roll back an awful lot of good data just to get rid of the bad. The damage is still done. So good security practices and development standards are a more important line of defence than backups alone.

  6. #6
    Join Date
    Feb 2009
    Posts
    9
    Yes,

    the BAD data will be problem and I think good SQL Server administration is the answer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •