SPDC: Secure Proxied Database Connectivity

Abstract

In the business world, database applications are a predominant tool where data is generally the most important asset of a company. Companies use database applications to access, explore and modify their data in order to provide a wide variety of services. When these applications run in semi-public locations and connect directly to the database, such as a reception area of a company or are connected to the internet, they can become the target of attacks by malicious users and have the hard-coded database credentials stolen. To prevent unauthorized access to a database, solutions such as virtual private networks (VPNs) are used. However, VPNs can be bypassed using internal attacks, and the stolen credentials used to gain access to the database. In this paper the Secure Proxied Database Connectivity (SPDC) is proposed, which is a new methodology to enhance the protection of the database access. It pushes the credentials to a proxy server and separates the information required to access the database between a proxy server and an authentication server. This solution is compared to a VPN using various attack scenarios and we show, with a proof-of concept, that this proposal can also be completely transparent to the user.