SQL Injection Everywhere


Steve Jones
Comments posted to this topic are about the item SQL Injection Everywhere

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Jeff Moden
I think people have really gotten silly with computers. I mean, c'mon! Why would anyone connect a bloody washing machine to the internet?

More silly stuff... I heard that there was a recall by one of the car makers the other day. Seems like the (I can't believe this) computer controlled windshield wipers were having a problem. REALLY??!! We're paying for that kind of stupid stuff?

How about spending more time and dollars on really cool stuff like designing a 350HP engine that gets 50MPG without batteries? You see that kind of stuff on the news all the time. How come no one has put that type of technology in common vehicles instead of screwing around with {gasp!} computer controlled windshield wipers?

Like the quote goes, "No one is sure of the age of the human race but everyone agrees it should know better by now."

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think it's expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
Anders Hansen
I think there are many good reasons for connecting things to the internet, and to let them be computer controlled.

Not to ruin your windshield story - but I really like the wipers in our car. They are connected to a sensor, and start wiping if the windows get wet. This allows me to keep my limited focus on the road. And the wipers are just a small part. I believe that all these small things in cars can help us focus more on the road and drive safer.

But I totally agree, that when they mess up and need to recall cars because of what must be a critical error in the wiper software - then something might not be as decoupled as it should have been. And sooner or later we will all be driving autonomous cars - and then we can start worrying about software bugs... :-)

For the other "connected" items, I would agree that maybe the washing machine isn't the most obvious. But still there could be some features which could come in handy. You could start the machine when you start driving home from work (even when you don't know when work is done), it could call on service if some small problem has occurred, instead of today where they just keep going and then break completely (good for the environment I guess), receive updates to the built-in programs to be more efficient (in strong opposition to the "If it ain't broken, don't fix it" rule), etc.

But we need to remember that no matter how much we test our software, when we move from mechanically controlled to software controlled we will introduce some new risk, and some new bugs. And those can be hard to fix in e.g. a non-connected washing machine.

/Anders
UMG Developer
Jeff Moden (4/10/2011)
More silly stuff... I heard that there was a recall by one of the car makers the other day. Seems like the (I can't believe this) computer controlled windshield wipers were having a problem. REALLY??!! We're paying for that kind of stupid stuff?


You mean you don't mind turning your windshield wipers on and off? ;-)

My car has automatic headlights, and after having driven it for a while, it was a real shock when I drove a rental car into a parking garage, and it was like, why is it so dark in here and I can't see? Duh, I have to actually turn the headlights on.

In terms of cars everything that can reasonably be automated, without significant risk, that takes a distraction away from the driver is a good thing in my opinion. (How many people do you see driving at twilight without their lights on?)
Jeff Moden
Anders Hansen (4/10/2011)
I think there are many good reasons for connecting things to the internet, and to let them be computer controlled.

Not to ruin your windshield story - but I really like the wipers in our car. They are connected to a sensor, and start wiping if the windows get wet. This allows me to keep my limited focus on the road. And the wipers are just a small part. I believe that all these small things in cars can help us focus more on the road and drive safer.

But I totally agree, that when they mess up and need to recall cars because of what must be a critical error in the wiper software - then something might not be as decoupled as it should have been. And sooner or later we will all be driving autonomous cars - and then we can start worrying about software bugs... :-)

For the other "connected" items, I would agree that maybe the washing machine isn't the most obvious. But still there could be some features which could come in handy. You could start the machine when you start driving home from work (even when you don't know when work is done), it could call on service if some small problem has occurred, instead of today where they just keep going and then break completely (good for the environment I guess), receive updates to the built-in programs to be more efficient (in strong opposition to the "If it ain't broken, don't fix it" rule), etc.

But we need to remember that no matter how much we test our software, when we move from mechanically controlled to software controlled we will introduce some new risk, and some new bugs. And those can be hard to fix in e.g. a non-connected washing machine.


/Anders


Maybe I'm over-simplifying but you don't need a computer to interface the sensor to your windshield wipers to have it work. You also don't need a computer to turn the lights of your car on when you drive into a dark spot. A simple sensor will do that without the need for a computer.

I subscribe to a satellite TV company. One of the requirements to "get the discount" is to always have the receiver connected to the phone line. I had to run that phone line because one didn't exist where the TV was.

And what would they do to the software running a washing machine? Change the timers? That justifies a full time internet connection? And it won't fix the most common ailment of having the little cross of rubber between the motor and the clutch wearing out even on computer controlled washers.

I love technology. It's been used to do some pretty good things. I just think people are getting carried away with its implementation in a lot of areas.

--Jeff Moden

paul.knibbs
Jeff Moden (4/10/2011)
How about spending more time and dollars on really cool stuff like designing a 350HP engine that gets 50MPG without batteries?


Because it's impossible? Petrol and diesel engines are not far off as efficient as they possibly can be right now--350HP while still getting 50mpg is a pipe-dream, I'm afraid. It's still possible to get 50mpg, though, just buy a smaller car!
David Data
Talk of SQL Injection always reminds me of this xkcd comic, which should never be forgotten by database professionals - Little Bobby Tables
Jeff Moden
paul.knibbs (4/11/2011)
Jeff Moden (4/10/2011)
How about spending more time and dollars on really cool stuff like designing a 350HP engine that gets 50MPG without batteries?


Because it's impossible? Petrol and diesel engines are not far off as efficient as they possibly can be right now--350HP while still getting 50mpg is a pipe-dream, I'm afraid. It's still possible to get 50mpg, though, just buy a smaller car!


Heh... Impossible? Not with all the waste heat collected by the cooling system or blown out the tail pipe. What's the efficiency of today's engines? IIRC, if they even come close to 20%, it would be a miracle.

--Jeff Moden

blandry
There was a news story this weekend reporting that distracted driving is becoming an epidemic in the country. There was an increase of 13,000 additional car accidents all attributed to distracted driving. Ford Motor Company is now facing multiple lawsuits (as are other car companies) based on them building in Tom-Tom's and other various digital distractions into their new model cars.

Yes, it is scary that at some point, controlling our worlds digitally seems so much like the old "Jetsons" cartoons, but the reality is that the more we come up with these (usually) bad ideas, we only increase the 'playground' for hackers. Add that to the distracted and disconnected society we are building and all the images of the "bright future" technology would bring us suddenly dim.

What we have lost in the last three decades is simple; we used to build technologies to address problems - now we build them for nothing more than 'because we can', and all the better if we get people hooked on it - who cares about the rising death and injury toll, let alone the danger of too much bleach in your wash - there's money to be made.
So, a few will get rich, some will get hacked and have too much bleach in their colors, and thousands will die and be maimed all in the interest of the almighty dollar.

Welcome to the future; a hacker's paradise of ill-thought-out technological wonders.

There's no such thing as dumb questions, only poorly thought-out answers...
Joe Johnson-482549
First, you mention that turning up your refrigerator is not that bad, but what if it was more malicious -- say they turn it up while you're gone during the day, then turn it back down in the evening. You may not be aware that your food is potentially unsafe. Botulism and other types of food poisoning can be life threatening.

I think it speaks volumes about human nature when one of the biggest selling items is an aluminum wallet.