
Securing Data

By Steve Jones

This might be obvious, but after seeing this article, I wonder if it's the feeling of many executives. The article mentions that firms should be shifting their focus from network security to application security.

Meaning don't rely on a firewall; build more secure applications that prevent inadvertent access to data. Be aware of SQL Injection, be sure your developers know what it is, and then plan to prevent such attacks.

There will always be criminal elements that can outsmart us. But most people rely on poor security and common issues. There are way more "script kiddies" out there that can use a script or custom application to exploit an issue than can develop one, and most of them search for easy targets. Each tiny step you take to increase your security means a huge absolute number of people that you drop off your potential attacker list. So taking a few small steps towards increasing security could go a long way.

And that means that you need to code more securely. There was a time when I saw a lot of buzz about secure coding, but lately I haven't seen many articles about it. And I continue to see questions about basic SQL Injection vulnerabilities. I've heard that at a few of the SQL Saturday and other events the SQL Injection sessions are very well attended and quite a few people are still surprised about this vulnerability.

Maybe that should be a required CS class at all colleges.

The only way to get more secure code is for programmers to write more secure code. Regardless of the time, effort, or any other reason to avoid it, you should learn to write secure code, implement secure databases, and pass knowledge to others. Don't skimp on this one very important skill set in your career.

Steve Jones

PS: Vote for Service Pack 3 for SQL Server 2005. Right now there are no plans to release it. We need your vote so Microsoft will build it.


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are now available at sqlservercentral.podshow.com to get better bandwidth and maybe a little more exposure :). Comments are definitely appreciated and wanted, and you can get feeds from there.

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.
