security related
if we are talking about security at the configuration level, would the 'security related' subset in sp_configure have all the related information? or are there parameters/values to be found elsewhere? appreciate the feedback.
|
0 |
|
vtpcnk
12/29/2010 10:00:36 AM
sybase.ase.general
8655 articles. 
0 followers.
2 Replies
780 Views
On 29-Dec-2010 11:00, vtpcnk wrote: > if we are talking about security at the configuration level, > would the 'security related' subset in sp_configure have all > the related information? or are there parameters/values to > be found elsewhere? > > appreciate the feedback. The configuration paramters are the ones that are directly security-related, but security is a much bigger topic than just a few parameters. For example, you can enable auditing ( a config param plus some setup steps), but how you set up you auditing configuraion and how you analyse the collected info is what makes it work (or not). Same for column encryption. Same for the classic grant/revoke permission settings and use of roles and groups: this is the cornerstone of security, but there no config parameters involved at all. You'll need to dig through the manuals to get a good understanding of the issues involved... HTH, Rob V. ----------------------------------------------------------------- Rob Verschoor Certified Sybase Professional DBA for ASE 15.0/12.5/12.0/11.5/11.0 and Replication Server 15.0.1/12.5 // TeamSybase Author of Sybase books (order online at www.sypron.nl/shop): "Tips, Tricks& Recipes for Sybase ASE" (ASE 15 edition) "The Complete Sybase ASE Quick Reference Guide" "The Complete Sybase Replication Server Quick Reference Guide" rob@NO.SPAM.sypron.nl | www.sypron.nl | Twitter: @rob_verschoor Sypron B.V., The Netherlands | Chamber of Commerce 27138666 -----------------------------------------------------------------
|
|
0 |
|
Rob
12/29/2010 10:51:40 AM
What kind of security questions do you have? Are you worried about login security or host security? Dop you know about passwords on the backups? Cory -- Cory Sane [TeamSybase] Certified Sybase Associate DBA for ASE 15.0 "vtpcnk" wrote in message news:4d1b06c4.6872.1681692777@sybase.com... > if we are talking about security at the configuration level, > would the 'security related' subset in sp_configure have all > the related information? or are there parameters/values to > be found elsewhere? > > appreciate the feedback.
|
|
0 |
|
Cory
1/4/2011 3:50:46 AM
Similar Artilces:
ASE Security Related Question
Hi All, Security type question: This is our environment: - Delphi application connecting to an ASE 11.5 on NT 4.0 (using the BDE) - MS-Access connecting to the same ASE 11.5 server using ODBC (Intersolv 3.0) The problem: The users do their updates to the db through the Delphi app. The MS-Access app. is supposed to be used for querying only. We want to restrict update access to the db to have to go through the Delphi app. Currently have a couple of distinct Sybase groups set up - 1 for inquiry which has select access, 1 for update which has all privileges. Problem is some...
Need suggestion.Security related general question
Hi, I have project that is using email to bring users back to the login page. The system auto generates email with a LINK to bring user to login page. Now my question is, how to make it secure. What are your suggestions about making link secure so no one can guess. Suggestions will be helpful. May be I need to use username in the link or etc. I was thinking Guid with username attached in email? Application is in ASP.NET 2.0 with SQL Server 2000 Thanks Hi, Not sure what you mean. You have an Email going out to users. That Email has a link t...
Issue related with secure AuthenticationType i.e. AuthenticationTypes.Secure
So when i use DirectoryEntry MyDirectoryObject = new DirectoryEntry(LDAPServerString, UserName,Password, AuthenticationTypes.Serverbind); I can work with LDAP no problem, create new users etc.. But when I use DirectoryEntry MyDirectoryObject = new DirectoryEntry(LDAPServerString, UserName,Password,AuthenticationTypes.Secure); I get 2 types of errors 1] Unknown error 2] Invalid dn syntax has been specified. The user details are correct and they are the user details of the directory manager. What is going wrong here ?...
ASE and ASE
Could it be possible to take scripts from ASA and load them in an ASE Any information is welcome jean-fran�ois ASA supports a fairly large sub-set of Transact-SQL, so if you write your stored procedures and triggers in ASA using T-SQL, you should be able to create scripts that will run against both ASE and ASA. If you're planning to do this though, I would suggest developing your database schema against ASA, since everything you write in T-SQL in ASA will be supported on ASE, but the reverse is not true. Check out the section in the ASA documentation entitled "Tra...
How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...
ASE to ASE
Hi, Is anyone out there doing ASE to ASE replication using SQL remote? If you are have created your own version of the SSEXTRACT utility to set up a replicant database in ASE rather than ASA? Or does anyone know if SYBASE has created a version SSEXTRACT for use with ASE to ASE replication? Thanks in advance Doug Trainer Hi Douglas, I thought the SQL Remote Replication support in ASE11.5 was meant for a consolidate-database only (by design)! At least that was what Sybase said when they announced support for SQL Remote technology support in ASE11.5. I will be happy to...
when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...
What generals generally do
Reading a McChrystal thread elsewhere, I came across someone quoting a US general http://en.wikipedia.org/wiki/Smedley_Butler > I spent 33 years and four months in active military service and > during that period I spent most of my time as a high class thug for > Big Business, for Wall Street and the bankers. In short, I was a > racketeer, a gangster for capitalism. I helped make Mexico and > especially Tampico safe for American oil interests in 1914. I helped > make Haiti and Cuba a decent place for the National City Bank boys to > collect revenues in. I ...
security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...
ASE security
Has anyone successfully granted admin(sa,sso) roles to users? I have gotten the following: 1> grant role sa_role to bob 2> go Msg 156, Level 15, State 1: Line 1: Incorrect syntax near the keyword 'role'. this is while logged in as sa. Also I have read about the Sybase Central utility. does this come with the Linux version? If so where is it installed? If not is it available for free? I recieved an email from Ryan Lubke with the commands that work. sp_role "grant", "sa_role", user_name exec sp_role "grant", "sso_role",...
general security
hello, i was wondering if all these tools, such as the login control, create new user wizard, and the datagrids,etc -if all of them are generally protected from things like SQL injection, cross scripting? and or should more validation be done? I don't know if they are totally protected from SQL injection, but it is always a good idea to use standard security to protect against this. Such as using a stored proc and keeping dynamic sql down to none.View My Blog Download My URL Rewriter and Reverse ProxyOnly $9.95/month, ASP.NET, 2GB & SQL 2005...
ASA To ASE - VS
What are the differents in terms of configuring SQL Remote Between ASA to ASE and ASE To ASE ? You should start with the Help file and then ask specific questions: Data Replication with SQL Remote PART 5. Appendix APPENDIX A. Enterprise and Anywhere: Differences There are many differences, so begin there. -- David Fishburn Sybase Please only post to the newsgroup BH Ong <bhong@tm.net.my> wrote in message news:01bf4b98$33183580$7ccdc8c8@virtual-branch... > What are the differents in terms of configuring SQL Remote Between ASA to > ASE and ASE To ASE ...
Are there any common errors / issues related to using the dump/load strategy vs. sqlupgrade utility for upgrade/migration to ASE 15.x (from ASE 12.5.x)?
Are there any common errors / issues related to using the dump/load strategy vs. sqlupgrade utility for upgrade/migration to ASE 15.x (from ASE 12.5.x)? Hi everyone, I've been reading posts on this discussion thread to try to see if I can find any disadvantage of using the dump/load strategy vs. using the sqlupgrade utility (i.e. common errors / issues). I noticed that some have run into errors after the upgrade/migration when using system stored procedure(s). So this sparked a few questions... 1) Is one upgrade/migration strategy prone to more errors and issues than ...
general security issues
hi i'm doing an assignment on the security issues of active server pages. i was wondering if anyone could outline the major security issues for me. if you could i'd really appreciate it! biggest security issue in ASP? ASP Developers. without a question.RTFM - straight talk for web developers. Unmoderated, uncensored, occasionally unreadableJason Brown - MVP, IIS As Jason points out, crappy coders are the biggest problem :-) The crappy code tends to be vulnerable to the following types of attacks: -SSL Injection Attacks -Cross Site Scripting Attacks -Replay Attacks/Cookie thef...
Hi All, Security type question: This is our environment: - Delphi application connecting to an ASE 11.5 on NT 4.0 (using the BDE) - MS-Access connecting to the same ASE 11.5 server using ODBC (Intersolv 3.0) The problem: The users do their updates to the db through the Delphi app. The MS-Access app. is supposed to be used for querying only. We want to restrict update access to the db to have to go through the Delphi app. Currently have a couple of distinct Sybase groups set up - 1 for inquiry which has select access, 1 for update which has all privileges. Problem is some...
Need suggestion.Security related general question
Hi, I have project that is using email to bring users back to the login page. The system auto generates email with a LINK to bring user to login page. Now my question is, how to make it secure. What are your suggestions about making link secure so no one can guess. Suggestions will be helpful. May be I need to use username in the link or etc. I was thinking Guid with username attached in email? Application is in ASP.NET 2.0 with SQL Server 2000 Thanks Hi, Not sure what you mean. You have an Email going out to users. That Email has a link t...
Issue related with secure AuthenticationType i.e. AuthenticationTypes.Secure
So when i use DirectoryEntry MyDirectoryObject = new DirectoryEntry(LDAPServerString, UserName,Password, AuthenticationTypes.Serverbind); I can work with LDAP no problem, create new users etc.. But when I use DirectoryEntry MyDirectoryObject = new DirectoryEntry(LDAPServerString, UserName,Password,AuthenticationTypes.Secure); I get 2 types of errors 1] Unknown error 2] Invalid dn syntax has been specified. The user details are correct and they are the user details of the directory manager. What is going wrong here ?...
ASE and ASE
Could it be possible to take scripts from ASA and load them in an ASE Any information is welcome jean-fran�ois ASA supports a fairly large sub-set of Transact-SQL, so if you write your stored procedures and triggers in ASA using T-SQL, you should be able to create scripts that will run against both ASE and ASA. If you're planning to do this though, I would suggest developing your database schema against ASA, since everything you write in T-SQL in ASA will be supported on ASE, but the reverse is not true. Check out the section in the ASA documentation entitled "Tra...
How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...
ASE to ASE
Hi, Is anyone out there doing ASE to ASE replication using SQL remote? If you are have created your own version of the SSEXTRACT utility to set up a replicant database in ASE rather than ASA? Or does anyone know if SYBASE has created a version SSEXTRACT for use with ASE to ASE replication? Thanks in advance Doug Trainer Hi Douglas, I thought the SQL Remote Replication support in ASE11.5 was meant for a consolidate-database only (by design)! At least that was what Sybase said when they announced support for SQL Remote technology support in ASE11.5. I will be happy to...
when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...
What generals generally do
Reading a McChrystal thread elsewhere, I came across someone quoting a US general http://en.wikipedia.org/wiki/Smedley_Butler > I spent 33 years and four months in active military service and > during that period I spent most of my time as a high class thug for > Big Business, for Wall Street and the bankers. In short, I was a > racketeer, a gangster for capitalism. I helped make Mexico and > especially Tampico safe for American oil interests in 1914. I helped > make Haiti and Cuba a decent place for the National City Bank boys to > collect revenues in. I ...
security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...
ASE security
Has anyone successfully granted admin(sa,sso) roles to users? I have gotten the following: 1> grant role sa_role to bob 2> go Msg 156, Level 15, State 1: Line 1: Incorrect syntax near the keyword 'role'. this is while logged in as sa. Also I have read about the Sybase Central utility. does this come with the Linux version? If so where is it installed? If not is it available for free? I recieved an email from Ryan Lubke with the commands that work. sp_role "grant", "sa_role", user_name exec sp_role "grant", "sso_role",...
general security
hello, i was wondering if all these tools, such as the login control, create new user wizard, and the datagrids,etc -if all of them are generally protected from things like SQL injection, cross scripting? and or should more validation be done? I don't know if they are totally protected from SQL injection, but it is always a good idea to use standard security to protect against this. Such as using a stored proc and keeping dynamic sql down to none.View My Blog Download My URL Rewriter and Reverse ProxyOnly $9.95/month, ASP.NET, 2GB & SQL 2005...
ASA To ASE - VS
What are the differents in terms of configuring SQL Remote Between ASA to ASE and ASE To ASE ? You should start with the Help file and then ask specific questions: Data Replication with SQL Remote PART 5. Appendix APPENDIX A. Enterprise and Anywhere: Differences There are many differences, so begin there. -- David Fishburn Sybase Please only post to the newsgroup BH Ong <bhong@tm.net.my> wrote in message news:01bf4b98$33183580$7ccdc8c8@virtual-branch... > What are the differents in terms of configuring SQL Remote Between ASA to > ASE and ASE To ASE ...
Are there any common errors / issues related to using the dump/load strategy vs. sqlupgrade utility for upgrade/migration to ASE 15.x (from ASE 12.5.x)?
Are there any common errors / issues related to using the dump/load strategy vs. sqlupgrade utility for upgrade/migration to ASE 15.x (from ASE 12.5.x)? Hi everyone, I've been reading posts on this discussion thread to try to see if I can find any disadvantage of using the dump/load strategy vs. using the sqlupgrade utility (i.e. common errors / issues). I noticed that some have run into errors after the upgrade/migration when using system stored procedure(s). So this sparked a few questions... 1) Is one upgrade/migration strategy prone to more errors and issues than ...
general security issues
hi i'm doing an assignment on the security issues of active server pages. i was wondering if anyone could outline the major security issues for me. if you could i'd really appreciate it! biggest security issue in ASP? ASP Developers. without a question.RTFM - straight talk for web developers. Unmoderated, uncensored, occasionally unreadableJason Brown - MVP, IIS As Jason points out, crappy coders are the biggest problem :-) The crappy code tends to be vulnerable to the following types of attacks: -SSL Injection Attacks -Cross Site Scripting Attacks -Replay Attacks/Cookie thef...
Web resources about - security related - sybase.ase.general
Krebs on SecurityThe House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...
Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...
Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...
Committee on National Security Systems - Wikipedia, the free encyclopediaThe National Security Telecommunications and Information Systems Security Committee (NSTISSC) was established under National Security Directive ...
Man accused of carjacking, assaulting security guards at Indooroopilly Shopping Centre - The Courier-Mail ...A MAN has been charged following the alleged attack on two shopping centre security guards at Indooroopilly yesterday.
US airstrike 'mistakenly' kills nine Iraqi security forcesA US aircraft mistakenly carries out an air strike that killed Iraqi security forces near the city of Fallujah, US Defense Secretary Ash Carter ...
Get Canary’s all-in-one home security system + air quality/temperature sensor for $179This is one of the best deals yet on our favorite all-in-one, iPhone-controlled home security system and air quality detector. Just in time ...
Security concerns over white Christians cause Virginia school district to shut down following Arabic ...... Since the forum, Augusta County has received so many calls and emails that the county sheriff advised them to close down, citing security concerns. ...
Google dedicates $1 million to independent research for Drive securityGoogle is placing an increased importance on security in 2016. The company has set aside $1 million to fund independent research into the security ...
FIGURES: Paul Ryan Builds Security Fence Around His Mansion While Denying Americans a Border Fence... documentation reveals, Ryan’s home is surrounded by a tall border fence reinforced by equally high bushes— ensuring both privacy and security. ...
Resources last updated: 12/20/2015 1:13:23 PM