Download and execute SQL script - what are the security issues + solutions?_问答_开发者

Download and execute SQL script - what are the security issues + solutions?

开发者 https://www.devze.com 2023-04-06 21:50 出处：网络

I\'m tasked with designing a .Net application that will download a sql script file from a specific server and execute that file against a database.I can think of a number of security steps I\'ll want

I'm tasked with designing a .Net application that will download a sql script file from a specific server and execute that file against a database. I can think of a number of security steps I'll want to include:

Use a secure connection to the server (SFTP)
Database user only has certain access (insert, update data on specific tables)
I suggested sandboxing the transaction in a separate database instance. Unfortunately, they say the transfer data set is too large for this to be practical.

I'm primarily worried not only about allowing someone to purposefully damage information in a very large database, but, ideally, to help prevent accidental damage as well.

Questions:

Did I miss anything? Are there any best practices to keep in mind for this kind of thing?
What would be the best way to authenticate the server cert against a man-in-the-mi开发者_运维技巧ddle attack?

To point 1)

Keep an audit log.
To whatever degree possible, help the user create these SQL scripts. Drop downs to choose table names, radio buttons to choose the command, a column selector, etc... This will help prevent accidents.
Ideally, you would be able to roll back to before any specific script is executed (think of how a bank has to be able to replay your transactions to verify your account balance if ever questioned). Depending on the frequency of updates and this data's importance, you're probably fine with just some daily backups instead of an actual transcriptional, re-playable history.

To point 2)

WinVerifyTrust to make sure the certificate is valid and has a valid root.
CryptQueryObject to check for a specific certificate.

I would implement your point 2 as restrictive as possible, but obviously your script has to be allowed to do some stuff. So you will have to trust the person which provides the script. To make sure that you execute a script which is really from that person you trust, I would sign the script and would validate the signature before executing the script. So you can be sure that it has not been modified by somebody else.