I know that while facing the web it is vulnerable to SQL attacks and and as a result there is a potential risk to information security.
I want to expand my explanation in a report, so i just need some key point if possible!
I want it to relate to security or information security.
Thanks
<snip>
Security is in conceptual level as well.
For example, when someone hacks your DELETE RECORD pages, you can still survive.
In fact, you may need to design your system to avoid such things.
I normally just disable the record when a delete button is pressed with a confirmation, even by the administrator. And, keep a log. Schedule a full backup at least 3 times a day.
Plus, do not allow to run several pages at once - which should mean a thief or bad user.
Network sniffers can read your FTP details - upgrade to SSH.
It takes time to implement everything; but think on the ratios of the vulnerabilities, impact, control measures, and your real work.
When you are likely to lose data due to your weak securities, it does not matter who misuses them first - a cracker or your staff.
If it’s not connected to the public internet, then you don’t have to worry about newly found bugs in the software that allow someone to take control of the server, as they won’t be able to access it to exploit the vulnerability. SQL injection is more a vulnerability of your web application than of the database, and if the web application is coded in such a way that it’s vulnerable to them, it doesn’t matter if the MySQL server is internet-connected or not.