Symantec Interview Question for Associates


Country: India
Interview Type: In-Person




2 of 2 votes

There are many ways, like:
For SQL injections, use scripting at the client side (never allow -- or ').
Now, even if the client disables the validation script, you have the option of server-side scripting.
Second, enforce some access-level criteria for privileged operations like DROP, UNION, etc.

Don't allow a user to query the DB; use dropdown lists for selection.

Nowadays nearly all DBs are encrypted, mostly applications made with Microsoft development tools like Visual Studio, C#.NET, etc.

- krishnam6767 September 19, 2012

0 of 0 votes

Input validation using a whitelist...
ACLs

- iDoit October 18, 2012

0 of 0 votes

1. Check whether the user exists in Active Directory or not. Based on that, we can provide access to the DB and prevent other users from hitting the database.
2. We need to create one custom role and associate that role with the user, so that the user has minimum access to the DB.
3. There should not be any direct statements used in code to fetch data from the DB; it should be from SPs only.

- abhijit.desai December 17, 2012

0 of 0 votes

This is a very open-ended question with no specific answer, though the answer can be given as below:
The security should be looked at in a complete sense, right from installation, access rules, Audit Trail, Back Restore, Privileges, Credential prevention, etc.
- In DBs like IBM DB2, it needs a system user to be created; thus, security of the system user is also important. Choose a strong password for the instance user, and never use the default username/password for configuration.
- Follow the principle of least privilege. The web application connecting to the database should use a low-privilege user account, which is allowed only to execute the bare minimum scripts to fulfill the deeds of the application and nothing more.
- The application should not store the username/password in plain text in any application configuration files. It should be encoded and then used.
- It's always better to create a datasource and use JNDI lookup.
- Ensure the number of sockets available in the system complements the number of connections that you anticipate to the database from any form of DB connection.
- Perform bounds checking for any user inputs.
- Use parameterized SQL queries in case you are using plain JDBC, or better, go for an ORM.
- Do not create tables in the default schema.
- Review code for functions/triggers/procedures which are present in the database.
- Ensure the SQL scripts are encrypted [e.g. use TDE, SQLShield, etc.]

- Vikas Chourasiya December 01, 2013
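
An added example, not part of any answer in this thread: it puts a string-concatenated query beside the parameterized form the answers recommend, and shows a server-side allowlist plus bounds check for dropdown values such as a sort column, which cannot be bound as parameters. It uses Python's built-in sqlite3 instead of JDBC so it runs offline; the `accounts` table, its rows and all function names are constructed for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts (owner, balance) VALUES (?, ?)",
                     [("alice", 120), ("bob", 75), ("carol", 300)])
    return conn

def lookup_concat(conn, owner):
    # The 'before': input is pasted into the SQL text, so the database parses it as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()

def lookup_param(conn, owner):
    # The fix: the value is sent as a bound parameter and is only ever compared as data.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()

# Identifiers (column names, sort direction) cannot be bound, so the value
# submitted by a dropdown is mapped through a server-side allowlist.
SORT_COLUMNS = {"owner": "owner", "balance": "balance"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

def list_accounts(conn, sort_by, direction="asc", limit=10):
    if sort_by not in SORT_COLUMNS or direction not in SORT_DIRECTIONS:
        raise ValueError("unsupported sort option")
    if not isinstance(limit, int) or not 1 <= limit <= 100:  # bounds check
        raise ValueError("limit out of range")
    sql = ("SELECT owner, balance FROM accounts "
           f"ORDER BY {SORT_COLUMNS[sort_by]} {SORT_DIRECTIONS[direction]} LIMIT ?")
    return conn.execute(sql, (limit,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    crafted = "nobody' OR '1'='1"          # constructed test input
    print(lookup_concat(conn, crafted))    # the WHERE clause is rewritten: all rows
    print(lookup_param(conn, crafted))     # no owner has that literal name: no rows
    print(list_accounts(conn, "balance", "desc", 2))
```

The allowlist check has to run on the server even when the page only offers a dropdown, since the submitted value is still attacker-controlled.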

