Technology-Leadership FAQ
October 11, 2008 Build security into your systems part 11

XML considerations
XML and XSLT stylesheets are becoming the industry standard for the access, distribution, and presentation of data. With databases that permit web publishing, stylesheets can be used to remove or modify metadata in XML files sent to web users (for example, to hide field names), or to statically define query string parameters (such as database and layout name values) so that they are neither exposed to nor modifiable by web users.
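As an added example (not code from the original page), here is the same server-side clean-up a stylesheet would perform, written in Python against a constructed export format: it drops the metadata block, removes the database and layout attributes, and relabels or removes columns before anything reaches a web user. The element names and the allow-listed fields are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a database-to-XML export as a web publishing engine
# might emit it (made up for this example, not any product's real format).
# The <metadata> block and the name="..." attributes reveal internal field
# names; the database/layout attributes reveal server-side query parameters.
SAMPLE_EXPORT = """<?xml version="1.0"?>
<export database="customers" layout="WebOrders">
  <metadata>
    <field name="cust_ssn" type="TEXT"/>
    <field name="cust_name" type="TEXT"/>
    <field name="order_total" type="NUMBER"/>
  </metadata>
  <resultset>
    <row id="1"><col name="cust_ssn">123-45-6789</col><col name="cust_name">Ada</col><col name="order_total">42.50</col></row>
    <row id="2"><col name="cust_ssn">987-65-4321</col><col name="cust_name">Grace</col><col name="order_total">19.00</col></row>
  </resultset>
</export>
"""

# Allow-list of fields the web layer may expose, mapped to the neutral label
# the browser will see. Any column not listed here is dropped entirely.
PUBLIC_FIELDS = {"cust_name": "c1", "order_total": "c2"}


def sanitize_export(xml_text: str) -> str:
    """Return XML fit to send to web users: no metadata block, no database or
    layout attributes, and only allow-listed columns under neutral names.
    This does in Python what the server-side XSLT stylesheet would do."""
    root = ET.fromstring(xml_text)
    for meta in root.findall("metadata"):      # 1. drop the field definitions
        root.remove(meta)
    for attr in ("database", "layout"):        # 2. hide server-side parameters
        root.attrib.pop(attr, None)
    for row in root.iter("row"):               # 3. allow-list and relabel columns
        for col in list(row.findall("col")):
            name = col.get("name")
            if name in PUBLIC_FIELDS:
                col.set("name", PUBLIC_FIELDS[name])
            else:
                row.remove(col)                # e.g. cust_ssn never leaves the server
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(sanitize_export(SAMPLE_EXPORT))
```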
Reminder: Data formatted as XML is essentially text. This means that it can potentially be intercepted and read, unless appropriate means are used to encrypt it. Whenever you are transmitting data over TCP/IP and hosting databases, you should use SSL encryption in the web server application. This defeats “packet sniffer” applications, which monitor network traffic and might otherwise be capable of extracting your database data from it.
Never enable any extended privileges unless they are necessary.
Considerations for PC and Mac events
Your own computer’s operating system can trigger events, such as automatic upgrades, which can have implications for your database. Make sure you set your upgrade preferences to manual rather than automatic.
Whenever introducing third-party technology, test all scripts and user scenarios thoroughly to ensure there are no ‘back doors’ that might leave you vulnerable.

Following all of these guidelines may seem laborious, but keep in mind that identity theft and threats to credit card security are on the rise. Data theft from your company can be even more disastrous. Your data is the wealth of your company, but with these steps to protect your databases, you should be able to ensure that your company is safe and secure from accidental or deliberate threats.

October 9, 2008 Build security into your systems part 10

Using Secure Sockets Layer (SSL) security for web publishing
The SSL protocol is a standardized method for allowing encrypted and authenticated communication between web servers and clients (web browsers). SSL encryption is only available to databases hosted on a server, and is enabled in the web server application, such as Microsoft Internet Information Server (IIS) or Apache HTTP Server by the Apache Group.
SSL encryption transforms the information exchanged between servers and clients into unintelligible data using mathematical algorithms known as ciphers. At the receiving end, the same ciphers, together with the encryption keys, transform that data back into understandable information.
For information on enabling and configuring SSL, review the documentation that accompanies your web server to make sure that your security protocols are all in place.
Being aware of wireless networks
Another security vulnerability to be aware of is wireless networking, also called “Wi–Fi”, which involves:
•a station such as a laptop, or other wireless enabled device
•an access point (wireless hub or bridge) that is the point of access to the network
•the Local Area Network itself
•an authentication server, a separate device that challenges clients when they attempt network connections
Radio frequency access to a network leaves it open to packet interception by any radio within range of a transmitter. This enables intruders to connect through wireless protocols to corporate networks. These intrusions can be made far outside the customary “working” range by using high-gain antennas. This is how so many credit card numbers have been stolen from high-end retailers: by people with these long-range devices simply driving through mall car parks.

Your own server can be equally vulnerable. If your server is hosting files, an intruder could access data if the files lack sufficient user account security. An intruder who knows how a WAN controls access might be able to gain access to the network, take over a valid computer’s network address, and use its assigned IP address.
A typical approach is to wait until the valid computer stops using the network and then take over its position in the network and gain access to all devices in the network or to the wider Internet.
Important: When assessing the physical security of your network, password-protect and encrypt your wireless networking signals. Always use the maximum level of signal encryption available.

October 7, 2008 Build security into your systems part 9

Web server security
The web server application performs the critical task of processing and fulfilling requests for data when you publish databases, images, and other content on the web.

When users enter a web address into their browser, they are requesting the web server software at that address to locate data or an image and download it to their computer, where it can be displayed in their browser.

To protect the integrity of this process, your web server has its own security mechanism.
If you host databases with a server, use a third-party web server application such as Microsoft Internet Information Server (IIS) or Apache HTTP Server to publish files on the web. You can take advantage of additional security features, like SSL encryption, to transport data from the host to the web clients more securely.
Use encryption or VPNs to protect data
Consider using encryption and VPNs (Virtual Private Networks) to protect your databases on a TCP/IP network. Encryption is the process of manipulating data (clear text) such that the result (cipher text) can be understood only by certain applications.
You can protect data by:
•Set up a secure VPN to encrypt some (or all) of your network traffic as it travels across a Wide Area Network (WAN).
•Host databases with a server and configure SSL encryption in the web server application.
•Combine the above for extra security.

October 5, 2008 Build security into your systems part 8

Protecting your databases from web-based attacks
Start by reviewing the security procedures explained in this article thus far.
Always remember that your host computer is both your connection to the outside world and, if unprotected, the outside world’s connection to your internal network. Make sure that you verify the following:
•For web-shared solutions, especially on the Internet, consider configurations that use two (or more) computers to separate the database from the web publishing components, together with firewalls, SSL and other standard Internet technologies.
This protects access to your files and protects the communication between web users’ browsers and the server.

•Review settings for remote access, such as file sharing and FTP, to ensure that direct access to upload or download files from the host computer is restricted in a manner that prevents inappropriate access to your files.

•When you host a database using TCP/IP, you might be allowing uninvited visitors access to your host computer and internal network. A firewall is essential to separate your network and protect files “behind the firewall,” which prevents users on the outside of the firewall from accessing any TCP/IP addresses that you have not exposed.

October 3, 2008 Build security into your systems part 7

8. Do not store database files or any sensitive data in the Web folder (or sub-folders).
9. Enable log files to track the IP address of users who are accessing your web published files (as well as the date and time of requests, and other options). Check these logs to make sure there is no unauthorized access.
10. With most databases, you can limit access to users who use an IP address that you specify in advance. When hosting files on a server, you can set limitations on client IP addresses in the web server application.
11. If you are hosting web-published databases with a server, you can use additional security measures like SSL encryption, which may also be available with your web server application. In addition, you can disable the web publishing technologies that you are not using.
12. If you are hosting web-published databases with a server, remember that the server will use certain ports and protocols to communicate with the web server. You may have to open ports or allow protocols on your host computers and firewalls, which could leave you vulnerable if you don’t take the appropriate security precautions.
13. If you are hosting databases with a server and using the web publishing option, make sure you test your security from a web browser to see which elements might be exposed.
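An added example, not part of the original posts, that applies items 8 to 10 to constructed access-log lines: it parses the web server's combined-format log, checks each client IP against an assumed allow-list, and flags requests that reach the web-published database path from elsewhere or that ask for a database file directly. The path prefix, file extensions and allowed network are assumptions made for the example.

```python
import ipaddress
import re

# Constructed Apache "combined" access log lines standing in for the web
# server's real log (sample data made up for this example).
SAMPLE_LOG = """\
10.1.2.7 - - [03/Oct/2008:14:02:11 +0000] "GET /db/query.xml?db=Orders&layout=Web HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.45 - - [03/Oct/2008:14:03:40 +0000] "GET /db/query.xml?db=Orders&layout=Web HTTP/1.1" 200 5120 "-" "curl/7.19"
10.1.2.9 - - [03/Oct/2008:14:05:02 +0000] "GET /index.html HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.8 - - [03/Oct/2008:02:17:55 +0000] "GET /data/customers.db HTTP/1.1" 404 209 "-" "python-urllib/2.5"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

# Assumed policy: only ALLOWED_NETS may reach the web-published database path
# (item 10); database files must never be requested from the web folder (item 8).
ALLOWED_NETS = [ipaddress.ip_network("10.1.2.0/24")]
PUBLISHED_PREFIX = "/db/"
DB_EXTENSIONS = (".db", ".mdb")


def parse_line(line):
    """Split one combined-log line into its fields, or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]   # query string is not part of the path
    return rec


def is_allowed_client(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)


def audit_log(text):
    """Return (ip, reason, path) for every request that violates the policy."""
    findings = []
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:                        # never silently skip what you cannot parse
            findings.append(("?", "unparseable log line", raw[:60]))
            continue
        if rec["path"].startswith(PUBLISHED_PREFIX) and not is_allowed_client(rec["ip"]):
            findings.append((rec["ip"], "database path from outside allow-list", rec["path"]))
        if rec["path"].lower().endswith(DB_EXTENSIONS):
            findings.append((rec["ip"], "direct request for a database file", rec["path"]))
    return findings
```

Run `audit_log` over the real access log on a schedule and review the findings; a request for a database file, even one answered with 404, shows that someone is probing the web folder.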