Database Security
- Database communication is typically unencrypted, so restrict it to the network behind the firewall.
- Enforce database-level security
- Create database users
- Grant access for specific objects and actions (SELECT, INSERT, DELETE, UPDATE)
- Use separate users and permissions for web and maintenance access.
- Be careful where you store the database access passwords (client applications)
- Keep in mind statistical attacks
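
The items above on creating database users, granting access for specific objects and actions, and separating web from maintenance access can be put together as follows. This is an added example, not part of the original page; it assumes PostgreSQL, and the database name (shop), the role names, the table and sequence names and the password placeholders are all hypothetical.

```sql
-- Added example (PostgreSQL syntax). Every name below is hypothetical and the
-- passwords are placeholders to be replaced out of band.

-- Weak setup to avoid: one all-powerful account shared by every client.
--   CREATE ROLE app LOGIN SUPERUSER PASSWORD '...';

-- 1. Separate database users for web and maintenance access.
CREATE ROLE web_app     LOGIN PASSWORD 'CHANGE_ME_WEB'   NOSUPERUSER NOCREATEDB NOCREATEROLE;
CREATE ROLE maintenance LOGIN PASSWORD 'CHANGE_ME_MAINT' NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- 2. Start from no access: remove the privileges PUBLIC holds by default.
REVOKE ALL ON DATABASE shop FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM PUBLIC;

-- 3. Both users may connect and resolve object names, nothing more.
GRANT CONNECT ON DATABASE shop TO web_app, maintenance;
GRANT USAGE ON SCHEMA public TO web_app, maintenance;

-- 4. Web user: only the objects and actions the site itself needs.
GRANT SELECT ON products TO web_app;
GRANT SELECT, INSERT ON orders TO web_app;
GRANT USAGE ON SEQUENCE orders_id_seq TO web_app;   -- required to INSERT with a serial key
-- Column-level grant: the web user can read two columns and change one.
GRANT SELECT (id, email), UPDATE (email) ON customers TO web_app;

-- 5. Maintenance user: full data changes on the same tables, still no DDL
--    and no superuser rights.
GRANT SELECT, INSERT, UPDATE, DELETE ON products, orders, customers TO maintenance;

-- 6. Verify the table-level result. Column-level grants from step 4 are listed
--    in information_schema.column_privileges instead.
SELECT grantee, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee IN ('web_app', 'maintenance')
ORDER BY grantee, table_name, privilege_type;
```

With this layout a compromised web application can neither delete orders nor read customer columns outside the two granted ones.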