
If they got to the database, what makes you think they didn't get to the app server?



Although they theoretically could have, a lot of these hacks are done via SQL Injection, which is a step below having direct access to the machines. You can often leverage SQL injection further to do just that, but it takes more work/luck/skill than just dumping the DB. So it's not a given that they got filesystem access, but we shouldn't assume that they didn't either.


This could be the result of SQL injection or some other application-level attack.


Or possibly just a lost backup tape.


If some backup tapes might go out of the building, they'd better be encrypted...


I certainly DO hope that some backup tapes go out of the building. Offsite backups are a good thing.


The fact that one of the points of having a three-tiered architecture is improved security?



