Info Disclosure Through Data Queries

From Guidance Share

Description

Even when a system tries to keep information confidential, an attacker can often infer some of that information by using statistics.

Applies To

  • Platform: Any, particularly systems using relational databases or object-relational databases.

Example

See the book Translucent Databases for examples.

Impact

  • Confidentiality: Sensitive information may be accidentally disclosed through data queries.

Vulnerabilities

  • Failure to account for information disclosure through patterns of information.

Countermeasures

This is a complex topic. See the book Translucent Databases for a good discussion of best practices.
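
As an added illustration of the inference described on this page (not taken from the page or from Translucent Databases): a constructed `staff` table behind an aggregate-only query interface, showing how sums over small or overlapping row sets reveal one person's value, and a query-set size and overlap check that refuses those queries. The table, the `MIN_SET` threshold and all names are assumptions; the overlap check is pairwise only and does not cover combinations of more than two queries.

```python
import sqlite3

MIN_SET = 3  # assumed policy: smallest row set an aggregate may describe

# Constructed sample data: (name, dept, salary)
ROWS = [("alice", "eng", 120), ("bob", "eng", 100), ("carol", "eng", 110),
        ("dave", "eng", 130), ("erin", "ops", 90)]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (name TEXT, dept TEXT, salary INTEGER)")
    db.executemany("INSERT INTO staff VALUES (?, ?, ?)", ROWS)
    return db

class AggregateGate:
    """Answers SUM(salary) only; when guarded, refuses sets that isolate few rows."""

    def __init__(self, db, guarded=True):
        self.db, self.guarded, self.answered = db, guarded, []

    def sum_salary(self, dept, exclude=None):
        # "IS NOT ?" with a NULL parameter keeps every row with a name
        rows = self.db.execute(
            "SELECT rowid, salary FROM staff WHERE dept = ? AND name IS NOT ?",
            (dept, exclude)).fetchall()
        ids = frozenset(r[0] for r in rows)
        if self.guarded:
            if len(ids) < MIN_SET:
                return None  # the sum would describe individuals, not a group
            for prev in self.answered:
                # Symmetric difference = rows that subtracting two sums isolates
                if 0 < len(ids ^ prev) < MIN_SET:
                    return None
            self.answered.append(ids)
        return sum(r[1] for r in rows)

def infer_by_difference(gate, dept, name):
    """What subtracting two permitted sums reveals about one person."""
    total, rest = gate.sum_salary(dept), gate.sum_salary(dept, exclude=name)
    return None if None in (total, rest) else total - rest

if __name__ == "__main__":
    for guarded in (False, True):
        gate = AggregateGate(make_db(), guarded=guarded)
        print("guarded" if guarded else "unguarded",
              "| ops sum:", gate.sum_salary("ops"),
              "| dave inferred:", infer_by_difference(gate, "eng", "dave"))
```
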

Vulnerability Patterns

How Tos
