> I don't know how the major databases handle remote connections, 
> but most secure systems won't allow more than a handful of login 
> attempts at a time. If you fail too many times your account gets 
> locked until someone unlocks it, or for a prohibitive amount of 
> time. This effectively halts brute force attacks on un/pw interfaces.  
> Yes they could still work in some systems, as long as you are able 
> to keep trying for a few months.

Most database login mechanisms, by themselves, do not constitute "secure
systems". Most common database platforms do not lock accounts or time out
access. Most common database platforms also have some known, common logins.
To the extent that MS SQL Server is configured to allow only Windows
authentication, it will be protected by the same mechanisms as any other
Windows OS login, but that's the exception (especially for CF users).

Oracle:
http://www.red-database-security.com/whitepaper/oracle_passwords.html
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1138068,00.html

SQL Server:
http://www.securiteam.com/tools/5FP0F20FPK.html
http://www.sqlsecurity.com/

MySQL:
http://www.philippinehoneynet.org/dataarchive.php?date=2005-09-22

I'm sure you can find many more examples by simply typing "brute force [your
DB platform] login" into Google.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
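
Where the database itself neither locks accounts nor throttles logins, the authentication log is where repeated failures become visible. The following is an added example, not part of the original post: a sliding-window detector that flags sources with many failed logins and sources that try well-known default account names. The log format, field names, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format (not any real DBMS log format).
SAMPLE_LOG = """\
2005-11-14T10:00:01 FAIL user=sa src=203.0.113.7
2005-11-14T10:00:02 FAIL user=sa src=203.0.113.7
2005-11-14T10:00:03 FAIL user=sa src=203.0.113.7
2005-11-14T10:00:04 FAIL user=sa src=203.0.113.7
2005-11-14T10:00:05 FAIL user=sa src=203.0.113.7
2005-11-14T10:00:09 FAIL user=appuser src=198.51.100.20
2005-11-14T10:00:15 OK user=appuser src=198.51.100.20
2005-11-14T11:00:00 FAIL user=root src=192.0.2.50
2005-11-14T13:00:00 FAIL user=root src=192.0.2.50
"""

# Account names that commonly exist by default on popular database platforms.
DEFAULT_LOGINS = {"sa", "root", "system", "scott"}
LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")


def detect(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return (sources over the failure threshold, sources that tried default logins)."""
    recent = defaultdict(deque)  # src -> timestamps of failures inside the window
    noisy, probed = set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, outcome, user, src = m.groups()
        if outcome != "FAIL":
            continue
        when = datetime.fromisoformat(ts)
        if user.lower() in DEFAULT_LOGINS:
            probed.add(src)
        q = recent[src]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            noisy.add(src)
    return noisy, probed


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

With the default 60-second window, the slow attempts from 192.0.2.50 are reported only as default-login probes; widening the window and lowering the threshold is what catches low-rate guessing.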
