06-19-2010, 02:00 PM
raymor
Quote:
Originally Posted by holograph
theoretically, to be able to crack SQL DB's logins one would need to have server access in the first place
Most any PHP script will provide enough access, and by default no password is required to log
in to the database. This is due to a widely held misconception about how the default account works.
So default MySQL, not secured by someone who knows what they are doing + any popular PHP script = DB publicly available.


Quote:
Originally Posted by holograph
theoretically, to be able to crack SQL DB's logins one would need to have server access in the first place as SQL servers are not open to receive connections from remote locations by default. I don't know inner workings of paysite scripts and billers how they're tied up together - but I highly doubt it's required to have SQL DB access open for remote servers.
Certainly DB access to remote servers (tcp) should be disabled if possible.
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids
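Added example, not part of raymor's post: a small audit for the two conditions the post names, accounts that log in without a password and a TCP listener that is not disabled. The my.cnf text and account rows are constructed samples; the function names are hypothetical, and the rows assume the shape of `SELECT Host, User, Password FROM mysql.user`.

```python
import configparser

# Constructed sample: a my.cnf with neither skip-networking nor bind-address.
SAMPLE_MY_CNF = """[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
"""

# Constructed rows in the shape of: SELECT Host, User, Password FROM mysql.user;
# (the hash column is authentication_string on MySQL 5.7 and later).
SAMPLE_ACCOUNTS = [
    ("localhost", "root", ""),
    ("127.0.0.1", "root", ""),
    ("localhost", "", ""),
    ("localhost", "shop", "*CONSTRUCTED_HASH_PLACEHOLDER"),
]

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_network(cnf_text):
    """Return findings if [mysqld] leaves the TCP listener open beyond loopback."""
    # Drop !include / !includedir directives, which configparser cannot parse.
    body = "\n".join(l for l in cnf_text.splitlines() if not l.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(body)
    raw = dict(cp["mysqld"]) if cp.has_section("mysqld") else {}
    # MySQL accepts dashes and underscores interchangeably in option names.
    opts = {k.replace("_", "-"): v for k, v in raw.items()}
    if "skip-networking" in opts and str(opts["skip-networking"]).lower() not in ("0", "off", "false"):
        return []
    bind = opts.get("bind-address")
    if bind in LOOPBACK:
        return []
    return [f"TCP listener not limited to loopback (bind-address={bind or 'unset'})"]

def audit_accounts(rows):
    """Flag anonymous accounts and accounts that log in without a password."""
    findings = []
    for host, user, pw_hash in rows:
        name = f"'{user}'@'{host}'"
        if user == "":
            findings.append(f"{name}: anonymous account")
        if not pw_hash:
            findings.append(f"{name}: no password set")
    return findings

if __name__ == "__main__":
    for finding in audit_network(SAMPLE_MY_CNF) + audit_accounts(SAMPLE_ACCOUNTS):
        print(finding)
```

Files pulled in through `!includedir` are not inspected, so run the check against each included file as well.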