All Data Readers Are Evil

By Steve Jones, 2008/04/29

That's part of a motto proposed by John Magnabosco of the Indy PASS Chapter. John and I have been corresponding for a while, and he's trying to get me to the Indy Tech Fest in October. If you're in the area on October 4th, you might want to register.

The full motto for DBAs is "all data is sensitive and all data readers are evil unless proven otherwise," and I think it might not be a bad idea for us to start thinking this way. It is really a corollary to the developers' rule that "all data input is evil unless proven otherwise."

That's an interesting attitude, and at first glance I wasn't sure it was something we needed to worry about. Over the last year, however, I've found that the SQL Injection talks and sessions I've attended, or heard about from other people, are still very well attended. And not only are they well attended, but it seems that quite a few people still didn't realize this was something they needed to worry about.

We often see data as benign, but SQL Injection has shown us this isn't the case: a string that was supposed to be a value ends up being executed as part of the query. And if you've ever tried to run queries that result in implicit casts to int when there is varchar data in the column, you realize quickly what power the data actually has; one non-numeric value is enough to fail the whole query. With SQL Server 2008 bringing us more capabilities to store data that isn't easily human readable (spatial and multimedia), our data could contain any number of problematic constructs inside.
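To make both of those points concrete, here is a T-SQL script added to this editorial (it is not from the original column). The table, column names and row values are constructed for illustration; the hostile input string is the kind of thing a web form would hand the database.

```sql
-- Added example, not part of the original editorial.
-- dbo.Customers and its rows are constructed for illustration.
CREATE TABLE dbo.Customers
(
    CustomerID   int          NOT NULL PRIMARY KEY,
    CustomerCode varchar(20)  NOT NULL,
    CustomerName varchar(100) NOT NULL
);

INSERT INTO dbo.Customers (CustomerID, CustomerCode, CustomerName)
VALUES (1, '1001',  'Alpha Ltd'),
       (2, '1002',  'Beta Inc'),
       (3, 'TRIAL', 'Gamma LLC');   -- one non-numeric code among numeric-looking ones

-- 1. Dynamic SQL built by string concatenation: the caller's text becomes code.
--    @input stands in for a "customer code" typed into a form by a hostile user.
DECLARE @input nvarchar(100) = N''' OR 1=1 --';
DECLARE @sql   nvarchar(max) =
      N'SELECT CustomerID, CustomerName FROM dbo.Customers '
    + N'WHERE CustomerCode = ''' + @input + N''';';
PRINT @sql;
-- SELECT CustomerID, CustomerName FROM dbo.Customers WHERE CustomerCode = '' OR 1=1 --';
EXEC sys.sp_executesql @sql;   -- the WHERE clause is always true: every row comes back

-- 2. The same query with the value passed as a parameter: the text is only ever data,
--    so the "OR 1=1" is compared against CustomerCode and matches nothing.
SET @sql = N'SELECT CustomerID, CustomerName FROM dbo.Customers '
         + N'WHERE CustomerCode = @code;';
EXEC sys.sp_executesql @sql, N'@code varchar(20)', @code = @input;   -- no rows

-- 3. Implicit conversion: comparing the varchar column to an int literal makes
--    SQL Server convert the column values to int (int outranks varchar in data
--    type precedence), and 'TRIAL' cannot be converted. Once the scan reaches
--    that row the whole statement fails with
--    Msg 245: Conversion failed when converting the varchar value 'TRIAL' to data type int.
SELECT CustomerID FROM dbo.Customers WHERE CustomerCode = 1001;

-- Compare using the column's own type (and validate the input before it gets
-- this far) so that the data stays data.
SELECT CustomerID FROM dbo.Customers WHERE CustomerCode = '1001';

DROP TABLE dbo.Customers;
```

The first two statements differ only in whether the user's text is concatenated into the batch or bound to a parameter; sp_executesql with a parameter list is the fix, not extra quote-escaping. The DECLARE-with-initializer and multi-row VALUES syntax need SQL Server 2008 or later; on 2005 split them into DECLARE/SET and separate INSERTs.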

As DBAs we are responsible for safeguarding the data, but we often depend on developers to ensure that only proper data is input into the system. As a result, we need to work closely with them to get proper validation built into all applications, and to make sure the queries those applications send us are parameterized rather than assembled from strings.

If nothing else, remember the old saying: "garbage in, garbage out."

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are now available at sqlservercentral.podshow.com to get better bandwidth and maybe a little more exposure :). Comments are definitely appreciated and wanted, and you can get feeds from there.

Overall RSS feed, or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like or don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.
