
No One is Safe

By Steve Jones,

I bet the developer that built the recognition feature for this application never thought he would have these types of security issues. Someone sent me this picture, which is a fantastic use of SQL Injection that I had never thought of.

As I read about more and more OCR and translation services being used on data, especially pictures and audio data, and who knows what else, I think there are all sorts of new security issues we will have to be aware of. Even in places that you might not expect, perhaps inside of bar codes or other types of encoding mechanisms, there could be SQL injection techniques in play. 

Can you imagine SQL injection commands being embedded in something like an RFID chip?  I really hope that people building all those credit card reading machines have architected their applications to prevent injection techniques from being used.

The world of application development is expanding constantly, as cheaper computing devices become more pervasive. And with great connectivity being available, it's likely that our transactional databases are becoming more and more exposed to new security threats. As DBAs, we need to be aware of issues and ensure we are informing developers of potential threats that can be exploited.

Even if you are not exposing your database today to external systems or connections, who knows if they'll be exposed in the future as someone seeks to expand their business opportunities. Practice safe computing, and ensure every developer understands what SQL Injection is.

Steve Jones
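The point about OCR, bar code and RFID input can be shown in a few lines. The following is an added example, not code from the original editorial: it uses Python's sqlite3 as a stand-in for any SQL database, and the table, function names, expected tag format and sample strings are all constructed for illustration.

```python
import re
import sqlite3

# Assumption: a legitimate scan is a short tag of capitals, digits, space or dash.
EXPECTED_TAG = re.compile(r"[A-Z0-9 -]{1,12}")

def make_db():
    """Build a small in-memory table of constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vehicles (tag TEXT PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO vehicles VALUES (?, ?)",
                   [("ABC 123", "alice"), ("XYZ 789", "bob")])
    return db

def lookup_concatenated(db, recognized):
    """The 'before': decoded text is pasted into the statement itself."""
    sql = ("SELECT owner FROM vehicles WHERE tag = '" + recognized +
           "' ORDER BY owner")
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, recognized):
    """The 'after': decoded text is bound as a value, never parsed as SQL."""
    sql = "SELECT owner FROM vehicles WHERE tag = ? ORDER BY owner"
    return [row[0] for row in db.execute(sql, (recognized,))]

def is_plausible_scan(recognized):
    """Second layer: reject scans that do not look like a tag at all."""
    return EXPECTED_TAG.fullmatch(recognized) is not None

def handle_scan(db, recognized):
    """Validate first, then query with a bound parameter."""
    if not is_plausible_scan(recognized):
        raise ValueError("scan rejected: outside expected tag format")
    return lookup_parameterized(db, recognized)

if __name__ == "__main__":
    db = make_db()
    odd_scan = "X' OR '1'='1"   # constructed sample of what a reader might decode
    print("concatenated :", lookup_concatenated(db, odd_scan))
    print("parameterized:", lookup_parameterized(db, odd_scan))
    print("plausible?   :", is_plausible_scan(odd_scan))
    print("normal scan  :", handle_scan(db, "ABC 123"))
```

The binding is what stops the injection; the format check is a cheap extra layer that also gives you something to log and alert on when a scanner starts returning text that could never be a real tag.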

The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at Comments are definitely appreciated and wanted, and you can get feeds from there.

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at
