Home page logo
/

webappsec logo WebApp Sec mailing list archives

RE: Limiting application's database size
From: Syed Mohamed A <SyedMA () microland net>
Date: Wed, 30 Jun 2004 21:57:57 +0530

You can do it in your ASP code level. before that u hv to decide how many
number data submission is acceptable as per ur application.While doing think
about the users who uses comes to ur site via NAT ed IP or proxy. 

Regards
Syed Mohamed A


-----Original Message-----
From: Thorpe, Jason (TAD)
To: 'Mike.Wiltshire () sunlife com'; webappsec () securityfocus com
Sent: 6/30/04 7:36 PM
Subject: RE: Limiting application's database size

Thanks for the help.

Could limiting the number of IP commits in one session be accomplished
through IIS?

-----Original Message-----
From: Mike.Wiltshire () sunlife com [mailto:Mike.Wiltshire () sunlife com]
Sent: Monday, June 28, 2004 10:16 AM
To: webappsec () securityfocus com
Subject: Re: Limiting application's database size




You can limit the database size in the database properties dialog if
you've
appropriate permissions..

http://www.winnetmag.com/Windows/Articles/ArticleID/23321/pg/2/2.html

One extra point though, and that is as well as limit the datafile size,
don't forget about the transaction max log file size - learned that the
heard way meself!

http://www.winnetmag.com/Files/23321/Figure_03.gif

Are you sure you need to allow unauthenticated users to enter data into
your database? Can you harvest the data, sanitise then remove to a
different database after its loaded? Or maybe you can limit the amount a
single IP commits in one session? Just some thoughts..

hope this helps,
Mike




 

 

             "Thorpe, Jason (TAD)"             To:
webappsec () securityfocus com, security-basics () securityfocus com

             <Jason.Thorpe () fta dot gov>        cc: (bcc: Mike
Wiltshire/ServiceCentre/Ireland/SunLife)

             28/06/2004 14:03                  Subject:  Limiting
application's database size                                          
 

 





I have a database server that contains several applications.  One of the
applications allow users to enter information into the database without
being authenticated.  My concern is that a malicious script could
quickly
increase the size of the database and thus taking all free disk space on
the
server.  Is there a way to limit the size of the database so that it
will
not affect the other applications?  Or does anybody have any suggestions
on
a way to handle this situation.

DB Server: MS SQL Server, IIS








------------------------------------------------------------------------
---
This e-mail message (including attachments, if any) is intended for the
use
of the individual or entity to which it is addressed and may contain
information that is privileged, proprietary , confidential and exempt
from
disclosure.  If you are not the intended recipient, you are notified
that
any dissemination, distribution or copying of this communication is
strictly prohibited.  If you have received this communication in error,
please notify the sender and erase this e-mail message immediately.
------------------------------------------------------------------------
---
Le présent message électronique (y compris les pièces qui y sont
annexées,
le cas échéant) s'adresse au destinataire indiqué et peut contenir des
renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le
destinataire de ce document, nous vous signalons qu'il est strictement
interdit de le diffuser, de le distribuer ou de le reproduire. Si ce
message vous a été transmis par erreur, veuillez en informer
l'expéditeur
et le supprimer immédiatement.
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
This e-mail message (including attachments, if any) is intended for the
use
of the individual or entity to which it is addressed and may contain
information that is privileged, proprietary , confidential and exempt
from
disclosure.  If you are not the intended recipient, you are notified
that
any dissemination, distribution or copying of this communication is
strictly prohibited.  If you have received this communication in error,
please notify the sender and erase this e-mail message immediately.
------------------------------------------------------------------------
---



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]