
Hack Resistant?

By Steve Jones,

Security should be at the forefront of every data professional's mind. It doesn't matter if you are a developer, an administrator, or in some other position; you ought to be considering the security implications of changes you make to the database. More and more data is being stored in databases, and often it's moved between databases as well. Whether that's to data warehouses or to development environments, we ought to treat security as part of our daily work and process rather than something limited to specific systems.

Vendors are trying to make systems more secure. I see the encryption capabilities grow with each version of SQL Server, and new features have been added, like TDE, to help technology professionals secure their data. Other vendors have introduced other safety mechanisms, and one caught my eye by claiming to be "hack resistant". It's the ZenithVault database, which says it is practically impossible for hackers to gain access to storage systems and steal confidential information. It supposedly does this by "data splitting", moving parts of data onto separate servers.

It sounds like a good solution, in the same way that TDE is a good solution. If someone is able to access your physical files, they won't be able to read the data in them. That's a good precaution, and it works well in TDE's case (I can't speak for ZenithVault), but it's also not hack resistant.

The biggest hacking problem that I see in the world today is SQL Injection. Since legitimate accounts can access your database, often through web-based front ends, and SQL Injection uses these same accounts to access data, none of the encryption and security capabilities you set up protect you. None of these items come into play when you have code that allows hackers to inject their own commands through your existing application, web based or not.
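To make that concrete, here is an added T-SQL illustration (not part of the original editorial) that runs the same input through a concatenated dynamic query and through a parameterized one. The table `dbo.Customers`, both procedure names, and all sample rows are constructed for this example.

```sql
-- Added example: dbo.Customers, both procedures and all rows are constructed.
-- With TDE enabled the engine decrypts pages for any authorized session,
-- so both procedures below read plaintext either way.
CREATE TABLE dbo.Customers (
    CustomerID int IDENTITY(1,1) PRIMARY KEY,
    LastName   nvarchar(50) NOT NULL,
    CardNumber varchar(19)  NOT NULL
);
INSERT INTO dbo.Customers (LastName, CardNumber) VALUES
    (N'Adams', '0000-0000-0000-0001'),
    (N'Baker', '0000-0000-0000-0002'),
    (N'Clark', '0000-0000-0000-0003');
GO

-- Vulnerable: the caller's text becomes part of the statement, so a quote
-- in @LastName ends the literal and the rest is parsed as SQL.
CREATE PROCEDURE dbo.FindCustomer_Concat @LastName nvarchar(200)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerID, LastName, CardNumber FROM dbo.Customers '
      + N'WHERE LastName = N''' + @LastName + N'''';
    EXEC (@sql);
END;
GO

-- Hardened: the statement text is fixed; the value travels as a typed
-- parameter and is only ever compared as data.
CREATE PROCEDURE dbo.FindCustomer_Param @LastName nvarchar(50)
AS
BEGIN
    EXEC sys.sp_executesql
        N'SELECT CustomerID, LastName, CardNumber FROM dbo.Customers
          WHERE LastName = @ln',
        N'@ln nvarchar(50)',
        @ln = @LastName;
END;
GO

-- Same input to both: a closing quote followed by an always-true predicate.
DECLARE @input nvarchar(200) = N'x'' OR 1 = 1 --';
EXEC dbo.FindCustomer_Concat @LastName = @input;
EXEC dbo.FindCustomer_Param  @LastName = @input;
```

Both calls run under the same login with the same permissions; only the way the query is built differs.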

Secure coding is important, and it's something that we should all require and practice as we build software. Your application might not access secure data today, but that might change in the future.
