Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

5
  • This is more a development question than a security one. From a security point of view, however, any answer will have to take into account the value of the data you're storing on that database server so it is hard to give a "general purpose" answer. Commented Jun 11, 2015 at 8:45
  • A "web site" compromise is different from a "web server" compromise. The latter includes all web sites on that server including system accounts. A much larger scope. Are you referring to just your "web site" being hacked? Commented Jun 11, 2015 at 23:14
  • I'm talking about the web server itself, so someone can see the .Net application, decompile it, see where our database server is and use the login information that the application is using to compromise the database server. Commented Jun 12, 2015 at 12:35
  • @JamesR Probably just semantics here, but an attacker with access to the web server wouldn't be decompiling the .NET application. The login would not be revealed either. (The password would remain safe if the site uses a Trusted Connection.) Instead, they would swap out the website(s) with their own and do whatever they want with the same permissions as the user running the original website(s). Commented Jun 16, 2015 at 22:59
  • Hi, I know that an attacker probably wouldn't be bothered trying to mess around with our database server, and would instead mess with the site itself, but my manager still worries, so I wanted to put his mind at ease. Commented Jun 24, 2015 at 12:32