Database security undermined by protocol loopholes and lax defences

March 9, 2007

[From ComputerWeekly]

A security expert is warning database administrators about a continued loophole in database communication protocols that would allow an attacker to bypass access controls and gain access to critical files.

In his presentation to attendees at the recent Black Hat DC training conference, Amichai Shulman, chief technology officer and founder of database-monitoring vendor Imperva explained that the client-server protocols, which are used to exchange data and commands between client software and database servers over TCP/IP, are ripe for attack.

The article continues at http://www.computerweekly.com/Articles/2007/03/06/222267/database-security-undermined-by-protocol-loopholes-and-lax.htm