Would you consider checking lengths for database fields part of a secure SDLC?
I wonder if you would consider checking the lengths of database fields to be part of a secure SDLC?
Asked by SecQuestionnA
When designing the database, one must consider checking the length of its fields.
Without going into much detail, I may mention the famous password field: what if the developers follow the good security principle of hashing, salting (or even peppering) the password, but the length of the password field in the database is shorter than the length of the hash function's output? Depending on the situation, this may render hashing the passwords almost useless.
Apart from this, you may run into trouble if you do not check the lengths in question at some point, as explained in the accepted answer to "overstating field size in database design".
In practice, however, checking the lengths of the database fields is not enough if it is not coupled with data validation and data sanitization concepts.
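An added example, not part of the question or the answer above, that makes the password-field case concrete: a constructed schema, a PBKDF2 hash whose stored format has a known fixed length, the length check to run before the DDL is written, and a simulated database that silently truncates over-length values, which is what turns a correct hashing routine into rows that can never verify. The schema, column names and stored hash format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed example schema: the column lengths a DDL would declare.
# 32 characters is far too short for the format hash_password() writes.
WEAK_SCHEMA = {"username": 64, "password_hash": 32}
FIXED_SCHEMA = {"username": 64, "password_hash": 128}

SALT_BYTES = 16
ITERATIONS = 100_000

def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 stored as '<salt hex>$<digest hex>': 32 + 1 + 64 = 97 chars."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def stored_hash_length():
    # The output is fixed-length, so the column size can be computed before writing the DDL.
    return SALT_BYTES * 2 + 1 + hashlib.sha256().digest_size * 2

def column_fits(schema, column, needed):
    """The length check the answer recommends: the declared column must hold the full hash."""
    return schema[column] >= needed

def store(schema, column, value):
    """Simulates a database that silently truncates over-length values instead of rejecting them."""
    return value[: schema[column]]

def verify_password(stored, password):
    """Recomputes the hash from the stored salt and compares it in constant time."""
    salt_hex, sep, digest_hex = stored.partition("$")
    if sep != "$" or not digest_hex:
        return False  # a truncated row has lost its digest and can never verify
    try:
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False
    expected = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(expected.hex(), digest_hex)

def login_survives(schema, password="correct horse"):
    """Round-trips one password through the schema; True if the user could still log in."""
    return verify_password(store(schema, "password_hash", hash_password(password)), password)

if __name__ == "__main__":
    print("hash needs", stored_hash_length(), "chars; weak column fits:",
          column_fits(WEAK_SCHEMA, "password_hash", stored_hash_length()))
    print("login works: weak", login_survives(WEAK_SCHEMA), "fixed", login_survives(FIXED_SCHEMA))
```

Running the length check against the schema at design time catches the mismatch before a single user is stored; a database in strict mode would instead reject the insert, which is the failure mode you want over silent truncation.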