Please use this identifier to cite or link to this item:
|Title:||Server-side database credentials: a security enhancing approach for database access|
Pereira, Óscar Mortágua
Aguiar, Rui L.
Security and privacy protection
|Abstract:||Database applications are a very pervasive tool that enable businesses to make the most out of the data they collect and generate. Furthermore, they can also be used to provide services on top of such data that can access, process, modify and explore it. It was argued in the work this paper extends that when client applications that access a database directly run on public or semipublic locations that are not highly secured (such as a reception desk), the database credentials used could be stolen by a malicious user. To prevent such an occurrence, solutions such as virtual private networks (VPNs) can be used to secure access to the database. However, VPNs can be bypassed by accessing the database from within the business network in an internal attack, among other problems. A methodology called Secure Proxied Database Connectivity (SPDC) is presented which aims to push the database credentials out of the client applications and divides the information required to access them between a proxy and an authentication server, while supporting existing tools and protocols that provide access to databases, such as JDBC. This approach will be shown and further detailed in this paper in terms of attack scenarios, implementation and discussion.|
|Appears in Collections:||DETI - Capítulo de livro|
IT - Capítulo de livro
Files in This Item:
|(BC) - 2018-06-30 (DATA, Springer CCIS) Server-Side Database Credentials - A Security Enhancing Approach for Database Access.pdf||Documento principal||445.84 kB||Adobe PDF|
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.