
Re: Checking DataBase being deployed on a Website

Subject: Re: Checking DataBase being deployed on a Website
Date: Thu, 10 Nov 2005 19:48:03 +0000
On Thu, 2005-11-10 at 12:54 +0800, Paul Wong wrote:
> What if the database is running on a separate server, not the same as the web
> server?

Without access to the application running on your web server (and thusly
being able to read the config files), finding this out would be quite
hard - your first options for this, off the top of my head would
probably be:

a) Finding it by network reconnaissance and hoping that it's either in
the same address range, has some obvious-looking forward DNS, etc.

b) Get information on this from the application, which you might get if,
for instance, the app doesn't handle errors properly and will return to
you some database-specific errors which haven't been wrapped (which may
give you a better idea where the database server is and will probably
give you at least some platform-specific DB info).

c) Guess (chances are if it's PHP, it's my/postgresql, chances are if
it's ASP, it's mssql). This obviously doesn't help much if it's not an
SME app and therefore stands a chance of running on something other than
postgre/my/mssql.

On Thu, 2005-11-10 at 09:56 +0530, crazy frog crazy frog wrote:
> a simple port scan will tell you about database
> server? 3306 -> mysql (default)... same with others, run on specific
> ports until changed.

Additionally, securing a sql server used as the database server for a
webapp on the same machine so that it only listens on localhost is one
of the most basic of possible security measures; unless there are
specific reasons for binding to a perimeter interface (or the admin is
stupid), it's unlikely that a server would be listening on anything
other than localhost unless it had to.

What exactly is the nature of your inquiry, why/how do you want to know,
and what sort of access do you have to the box in question? Are you
looking for something general here (postgre/my/mssql/oracle/db2 etc), or
something more specific?

 - James.
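
The localhost-binding point above can be checked from the server itself. The following is an added example, not part of the original message: it parses `ss -ltn` output and reports database listeners bound beyond loopback. The sample output is constructed, the function names are hypothetical, and apart from 3306 (named in the thread) the ports are the usual vendor defaults.

```python
import ipaddress

# Default listener ports: 3306 is from the thread, the rest are common defaults.
DB_PORTS = {3306: "mysql", 5432: "postgresql", 1433: "mssql",
            1521: "oracle", 50000: "db2"}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      244    0.0.0.0:5432       0.0.0.0:*
LISTEN 0      244    [::1]:5432         [::]:*
LISTEN 0      128    192.0.2.10:1433    0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
"""

def is_loopback(host):
    """True only when the bind address is a loopback address."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    if host == "*":
        return False  # wildcard means every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: fail closed and report it

def exposed_db_listeners(ss_output):
    """Return (service, address, port) for DB ports bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in DB_PORTS:
            continue
        if not is_loopback(host):
            findings.append((DB_PORTS[int(port)], host, int(port)))
    return findings

if __name__ == "__main__":
    for service, host, port in exposed_db_listeners(SAMPLE_SS):
        print(f"{service} listening on {host}:{port} (not loopback-only)")
```

A database moved off its default port will not match `DB_PORTS`, so extend the table with whatever ports your own configuration uses.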
