|
|
|
Binding: Paperback
Dewey Decimal Number: 005.8
EAN: 9781555583347
ISBN: 1555583342
Label: Digital Press
Manufacturer: Digital Press
Number Of Items: 1
Number Of Pages: 432
Publication Date: 2005-04-18
Publisher: Digital Press
Studio: Digital Press
|
|
|
|
|
|
Spotlight customer reviews:
|
Customer Rating: 
Summary: A Well-Rounded Textbook for DBAs, Auditors and InfoSec
Comment: I'm rarely moved to write a review on a technical book, perhaps because I read so many of them. However, this text is truly outstanding, due to it's breadth of coverage, i.e., Oracle, SQL Server, DB2, UBD and Sybase AND well written descriptions of problems and solutions.
If you are seeking to secure your databases AND/OR audit them, this book contains both suggestions for scripting, triggers etc as well as where to look for vulnerabilities.
Bravo to the author, and THANKS, I'm using regularly, the best compliment of all.
Customer Rating:
Summary: Very useful and timely book
Comment: The book is very practical and timely; it contains the complex of useful rules either dispersed in many different sources or not published at all. For example my colleague who is a DB Oracle administrator in Sony Computer Entertainment distinguished the following recommendations:
· Hardening Oracle environment
· Avoiding the use of mod_plsql
· Not making a database a web server and not store HTML pages in the database
From my perspective the rules concerning Web services and cross-site scripting are the most valuable. Working on these applications I see how vulnerable is a database server due to some security holes; therefore avoiding the holes is important.
Customer Rating:
Summary: This is a very good book
Comment: This is a very good book. It is very readable and very informative. It has a lot of useful stuff. I recommend it highly.
Customer Rating:
Summary: Very good book
Comment: Really good book. Easy to read and good content. I recommend it to anyone doing db work.
Customer Rating:
Summary: Great book
Comment: The book is helpful and practical. It has the right mix of "what to do" with "how to do" and "why to do" - and it covers all the databases my company owns.
|
|
|
|
Editorial Reviews:
|
This book is about database security and auditing. You will learn many methods and techniques that will be helpful in securing, monitoring and auditing database environments. It covers diverse topics that include all aspects of database security and auditing - including network security for databases, authentication and authorization issues, links and replication, database Trojans, etc. You will also learn of vulnerabilities and attacks that exist within various database environments or that have been used to attack databases (and that have since been fixed). These will often be explained to an "internals" level. There are many sections which outline the "anatomy of an attack" - before delving into the details of how to combat such an attack. Equally important, you will learn about the database auditing landscape - both from a business and regulatory requirements perspective as well as from a technical implementation perspective.
* Useful to the database administrator and/or security administrator - regardless of the precise database vendor (or vendors) that you are using within your organization.
* Has a large number of examples - examples that pertain to Oracle, SQL Server, DB2, Sybase and even MySQL..
* Many of the techniques you will see in this book will never be described in a manual or a book that is devoted to a certain database product.
* Addressing complex issues must take into account more than just the database and focusing on capabilities that are provided only by the database vendor is not always enough. This book offers a broader view of the database environment - which is not dependent on the database platform - a view that is important to ensure good database security.
|
|
|
|
|
