WebApp Sec mailing list archives

RE: Limiting application's database size


From: "Thorpe, Jason (TAD)" <Jason.Thorpe () fta dot gov>
Date: Wed, 30 Jun 2004 10:06:06 -0400

Thanks for the help.

Could limiting the number of IP commits in one session be accomplished
through IIS?

-----Original Message-----
From: Mike.Wiltshire () sunlife com [mailto:Mike.Wiltshire () sunlife com]
Sent: Monday, June 28, 2004 10:16 AM
To: webappsec () securityfocus com
Subject: Re: Limiting application's database size
You can limit the database size in the database properties dialog if you have
the appropriate permissions.

http://www.winnetmag.com/Windows/Articles/ArticleID/23321/pg/2/2.html

One extra point though, and that is as well as limiting the data file size,
don't forget about the transaction log's maximum file size - learned that the
hard way meself!

http://www.winnetmag.com/Files/23321/Figure_03.gif

Are you sure you need to allow unauthenticated users to enter data into
your database? Can you harvest the data, sanitise it, then move it to a
different database after it's loaded? Or maybe you can limit the amount a
single IP commits in one session? Just some thoughts.

hope this helps,
Mike

From: "Thorpe, Jason (TAD)" <Jason.Thorpe () fta dot gov>
To: webappsec () securityfocus com, security-basics () securityfocus com
cc: (bcc: Mike Wiltshire/ServiceCentre/Ireland/SunLife)
Date: 28/06/2004 14:03
Subject: Limiting application's database size

I have a database server that contains several applications.  One of the
applications allows users to enter information into the database without
being authenticated.  My concern is that a malicious script could quickly
increase the size of the database and thus take all free disk space on the
server.  Is there a way to limit the size of the database so that it will
not affect the other applications?  Or does anybody have any suggestions on
a way to handle this situation?

DB Server: MS SQL Server, IIS

---------------------------------------------------------------------------
This e-mail message (including attachments, if any) is intended for the use
of the individual or entity to which it is addressed and may contain
information that is privileged, proprietary , confidential and exempt from
disclosure.  If you are not the intended recipient, you are notified that
any dissemination, distribution or copying of this communication is
strictly prohibited.  If you have received this communication in error,
please notify the sender and erase this e-mail message immediately.
---------------------------------------------------------------------------
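The scriptable form of the database-properties and transaction log limits discussed in the thread, as an added T-SQL example that is not part of any message above. The database name PublicIntake, the logical file names and the size figures are assumed placeholders; the switch to SIMPLE recovery is a suggested trade-off, not something the thread states.

```sql
-- Added example: cap the data file and transaction log of the database that
-- accepts unauthenticated input, so runaway inserts cannot consume the disk
-- shared with the other applications on the server. Database and logical file
-- names (PublicIntake, PublicIntake_Data, PublicIntake_Log) and the size
-- figures are assumed placeholders.

-- 1. Find the logical file names that MODIFY FILE expects.
USE PublicIntake;
EXEC sp_helpfile;

-- 2. Cap the data file. Once MAXSIZE is reached, inserts into this database
--    fail with error 1105 (filegroup full); the other databases are unaffected.
ALTER DATABASE PublicIntake
    MODIFY FILE (NAME = PublicIntake_Data, MAXSIZE = 500MB, FILEGROWTH = 10MB);

-- 3. Cap the transaction log as well: with only the data file capped, the log
--    still grows with every insert and can fill the disk on its own.
ALTER DATABASE PublicIntake
    MODIFY FILE (NAME = PublicIntake_Log, MAXSIZE = 100MB, FILEGROWTH = 5MB);

-- 4. Caveat: under FULL recovery the log is only truncated by log backups, so
--    a capped log with no log backups fills up and the application stops with
--    error 9002 (log full). If point-in-time recovery of this intake data is
--    not needed, SIMPLE recovery truncates the log at each checkpoint and keeps
--    it within its cap; otherwise schedule regular log backups instead.
ALTER DATABASE PublicIntake SET RECOVERY SIMPLE;

-- 5. Verify the caps and give a monitor something to alert on before the cap
--    is hit: sp_helpfile shows maxsize per file, DBCC SQLPERF shows log use.
EXEC sp_helpfile;
DBCC SQLPERF(LOGSPACE);
```

Hitting either cap stops further inserts into the intake database only, which contains the disk-exhaustion risk to that one application; a per-IP limit at the web tier is a separate control that reduces how quickly the cap is reached.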