Security is Improving

I have written many times that we need to improve the security of our systems. We should be adhering to best practices, and limiting access where we can, and most of all, forcing all developers and DBAs to write better code that limits the security vulnerabilities, especially for SQL injection. Apparently we are getting better, according to a recent White Hat survey, which found a dramatic decline in the vulnerabilities that are on the sites they monitor. There are still issues, but fewer of them.

I think that the increased press and attention given to attacks, as well as the focused efforts of hackers are forcing companies to pay more attention to security. I hope this translates into more testing, better training and more careful deployments rather than the haphazard, slap-dash approach that many companies have taken. It's great that companies can change their look and feel, adding new features and flashy images, but they need to include secure coding efforts and careful review along with everything else.

Personally, I'd like to believe that developers are getting better about coding in a secure manner, using the patterns and practices that will limit SQL injection or other vulnerabilities. They see the headlines and are spending time working on their coding skills, particularly in the security area. I hope that's the case, and that we are maturing our industry into one that is making fewer and fewer mistakes as we build new applications.

Steve Jones

The Voice of the DBA Podcasts

We publish three versions of the podcast each day for you to enjoy.

Watch the Windows Media Podcast - 14.6MB WMV
Watch the iPod Video Podcast - 15.2MB MP4
Watch the MP3 Audio Podcast - 3.1MB MP3

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there. Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

You can also follow Steve Jones on Twitter:

Lockdown or Let Them Free

by Steve Jones

SQLServerCentral.com

Editorial

Do we take security too far? Are we creating unnecessary rules for those that need to use the resources we support? Steve Jones talks today about security and how we might want to approach it when handling rights for developers.

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

4.5 (2)

You rated this post out of 5. Change rating

2014-06-27 (first published: 2009-09-21)

217 reads

Discuss

Placing a Value on Data

by Steve Jones

SQLServerCentral.com

Editorial

What's your stolen data worth? It might be worth investigating, as Steve Jones suggests. Then you'll know how much you should be spending to protect it.

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

You rated this post out of 5. Change rating

2009-08-05

66 reads

Discuss

The Danger of Algorithms

by Steve Jones

SQLServerCentral.com

Editorial

What problems occur because of the algorithm chosen to generate data? A new report says that social security numbers in the US can be predicted. Steve Jones has a few warnings about what algoriothms you choose.

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

You rated this post out of 5. Change rating

2014-04-28 (first published: 2009-07-27)

326 reads

Discuss

Administering Securely

by Steve Jones

SQLServerCentral.com

Editorial

A common request is how can you secure SQL Server data and prevent the system administrator from viewing data. Steve Jones talks a little about the issue and how you can handle it.