
No One is Safe

By Steve Jones

I bet the developer that built the recognition feature for this application never thought he would have these types of security issues. Someone sent me this picture, which is a fantastic use of SQL Injection that I had never thought of.

As I read about more and more OCR and translation services being used on data, especially pictures and audio data, and who knows what else, I think there are all sorts of new security issues we will have to be aware of. Even in places that you might not expect, perhaps inside of bar codes or other types of encoding mechanisms, there could be SQL injection techniques in play. 

Can you imagine SQL injection commands being embedded in something like an RFID chip?  I really hope that people building all those credit card reading machines have architected their applications to prevent injection techniques from being used.
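As an added illustration (not part of the original editorial), the sketch below treats text returned by an OCR, barcode or RFID decoder as untrusted input and contrasts a concatenated statement with a bound parameter plus an allowlist check. It uses Python's built-in `sqlite3` so it runs offline; the table, the column names, the plate format and the sample strings are all constructed assumptions.

```python
import re
import sqlite3

# Constructed strings standing in for what an OCR, barcode or RFID decoder returns.
CLEAN_READ = "ABC1234"
HOSTILE_READ = "ZU 0666', 0) --"  # decoded text that carries SQL syntax

CAMERA_ID = 7  # value the application, not the decoded text, is meant to control
PLATE_FORMAT = re.compile(r"[A-Z0-9 ]{2,10}")  # assumed allowlist for this field


def new_db():
    """Fresh in-memory database with a hypothetical 'reads' table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reads (plate TEXT NOT NULL, camera_id INTEGER NOT NULL)")
    return db


def store_concatenated(db, decoded):
    """Vulnerable form: the decoded text becomes part of the SQL statement."""
    db.execute(
        "INSERT INTO reads (plate, camera_id) VALUES ('" + decoded + "', "
        + str(CAMERA_ID) + ")"
    )
    return db.execute("SELECT plate, camera_id FROM reads").fetchall()


def store_parameterized(db, decoded):
    """Hardened form: the decoded text is bound as data and never parsed as SQL."""
    db.execute("INSERT INTO reads (plate, camera_id) VALUES (?, ?)", (decoded, CAMERA_ID))
    return db.execute("SELECT plate, camera_id FROM reads").fetchall()


def accept_read(db, decoded):
    """Allowlist check first, then a bound parameter; returns False on rejection."""
    if not PLATE_FORMAT.fullmatch(decoded):
        return False
    store_parameterized(db, decoded)
    return True


if __name__ == "__main__":
    # Concatenated: the decoded text rewrites camera_id, a column it should never touch.
    print(store_concatenated(new_db(), HOSTILE_READ))
    # Parameterized: the same text is stored verbatim and camera_id stays as set in code.
    print(store_parameterized(new_db(), HOSTILE_READ))
    print(accept_read(new_db(), HOSTILE_READ), accept_read(new_db(), CLEAN_READ))
```

The same pattern applies on SQL Server: pass decoded values as parameters (for example through `sp_executesql` or the client library's parameter collection) instead of building the statement text from them.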

The world of application development is expanding constantly, as cheaper computing devices become more pervasive. And with great connectivity being available, it's likely that our transactional databases are becoming more and more exposed to new security threats. As DBAs, we need to be aware of issues and ensure we are informing developers of potential threats that can be exploited.

Even if you are not exposing your database today to external systems or connections, who knows if they'll be exposed in the future as someone seeks to expand their business opportunities. Practice safe computing, and ensure every developer understands what SQL Injection is.

Steve Jones

