Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 

No One is Safe

By Steve Jones,

I bet the developer that built the recognition feature for this application never thought he would have these type of security issues. Someone sent me this picture, which is a fantastic use of SQL Injection that I had never thought of.

As I read about more and more OCR and translation services being used on data, especially pictures and audio data, and who knows what else, I think there are all sorts of new security issues we will have to be aware of. Even in places that you might not expect, perhaps inside of bar codes or other types of encoding mechanisms, there could be SQL injection techniques in play. 

Can you imagine SQL injection commands being embedded in something like an RFID chip?  I really hope that people building all those credit card reading machines have architected their applications to prevent injection techniques from being used.

The world  of application development is expanding constantly, as cheaper computing devices become more pervasive. And with great connectivity being available, it's likely that our transactional databases are becoming more and more exposed to new security threats.  As DBAs we need to be aware of issues and ensure we are informing developers of potential threats that can be exploited.

Even if you are not exposing your database today to external systems or connections, who knows if they'll be exposed in the future as someone seeks to expand their business opportunities. Practice safe computing, and ensure every developer understands what SQL Injection is.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.

You can also follow Steve Jones on Twitter:

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

 
Total article views: 356 | Views in the last 30 days: 1
 
Related Articles
ARTICLE

SQL Injection!

Do your developers really understand how to prevent injection attacks? Or scarier still, how many kn...

FORUM

SQL Injection

Javascript SQL Injection

ARTICLE

More SQL Injection

Why are sites still being hit by SQL Injection on a large scale? Steve Jones talks about a recent la...

FORUM

SQL Injection question

fat client injection

ARTICLE

SQL Injection - Part 1

Randy says that the biggest reason we have so many injection vulnerabilities is that all the asp boo...

Tags
editorial    
security    
sql injection    
 
Contribute