Securing Data

By Steve Jones

This might be obvious, but after seeing this article, I wonder if it's the feeling of many executives. The article mentions that firms should be shifting their focus from network security to application security.

Meaning: don't rely on a firewall; build more secure applications that prevent inadvertent access to data. Be aware of SQL Injection, be sure your developers know what it is, and then plan to prevent such attacks.

There will always be criminal elements that can outsmart us. But most people rely on poor security and common issues. There are way more "script kiddies" out there who can use a script or custom application to exploit an issue than can develop one, and most of them search for easy targets. Each tiny step you take to increase your security means a huge absolute number of people that you drop off your potential attacker list. So taking a few small steps towards increasing security could go a long way.

And that means that you need to code more securely. There was a time when I saw a lot of buzz about secure coding, but lately I haven't seen many articles about it. And I continue to see questions about basic SQL Injection vulnerabilities. I've heard that at a few of the SQL Saturday and other events, the SQL Injection sessions are very well attended and quite a few people are still surprised about this vulnerability.

Maybe that should be a required CS class at all colleges.

The only way to get more secure code is for programmers to write more secure code. Regardless of the time, effort, or any other reason to avoid it, you should learn to write secure code, implement secure databases, and pass knowledge to others. Don't skimp on this one very important skill set in your career.

Steve Jones

PS: Vote for Service Pack 3 for SQL Server 2005. Right now there are no plans to release it. We need your vote so Microsoft will build it.


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are now available at sqlservercentral.podshow.com to get better bandwidth and maybe a little more exposure :). Comments are definitely appreciated and wanted, and you can get feeds from there.

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

 