HyperSQL / HSQLDB数据库是否可以抵抗密码攻击?
[英]Is HyperSQL / HSQLDB database resistant to password attacks?
问题描述
Is HyperSQL / HSQLDB resistant to password attack? 
HyperSQL / HSQLDB是否可以抵抗密码攻击? The database is used in this scenario: 在这种情况下使用数据库:
DriverManager.getConnection("jdbc:hsqldb:hsql://localhost/somedb", "SA", "some_password");
Lets say, if some hacker tries to connect 1000 times in one second with invalid passwords, what will happen? 可以说,如果某个黑客试图在一秒钟内用无效的密码连接1000次,那将会怎样? HyperSQL will block that user? HyperSQL会阻止该用户吗? Does HyperSQL database has some security methods against password attacks - for example login delay after some failures? HyperSQL数据库是否具有针对密码攻击的某些安全方法-例如某些故障后的登录延迟?
1 个解决方案
解决方案1
1 2015-09-25 11:48:08
Why don't you just try it out locally? 您为什么不只是在本地尝试呢? I can't seem to find whether it has a limit on the amount of login attempts, but you could try it out with a local instance of the database and just doing something like: 我似乎无法找到它是否对登录尝试次数有限制,但是您可以使用数据库的本地实例进行尝试,然后执行以下操作:
for (int i = 1; i <= 1000; i++) {
System.out.println("Trying to log in, try number " + i);
DriverManager.getConnection("jdbc:hsqldb:hsql://localhost/fsdb", "SA", "some_password");
try {
Thread.sleep(100);
} catch(InterruptedException ex) {
System.out.println("Sleep was interrupted.");
Thread.currentThread().interrupt();
}
}
Edit: your database server should probably not be open to connections from all external IP's anyways. 编辑:您的数据库服务器可能无论如何都不应该打开来自所有外部IP的连接。
So if there's no reason to allow all external IP's to make connections to the database server, you should make a whitelist with the help of this guide . 因此,如果没有理由允许所有外部IP与数据库服务器建立连接,则应在本指南的帮助下将其列入白名单。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.