SQLServerCentral Editorial

All Data Readers Are Evil

,

That's part of a motto proposed by John Magnabosco of the Indy PASS Chapter. John and I have been corresponding for a bit and he's trying to get me to the Indy Tech Fest in October. If you're in the area on October 4th, you might want to register.

The full motto for DBAs is "all data is sensitive and all data readers are evil unless proven otherwise," and I think it might not be a bad idea for us to start thinking this way. It's actually perhaps a corollary to "all data input is evil unless proven otherwise."

Now that's a very interesting attitude to me and while I wasn't sure it was something we needed to worry about it at first glance. However over the last year, I've found that the SQL Injection talks and sessions I've attended or heard about from people, are still very well attended. And not only are they well attended, but it seems that there are still quite a few people that didn't realize that this was something they needed to worry about.

We often see data as benign, but SQL Injection has shown us this isn't the case. And if you've ever tried to run queries that result in implicit CASTSs to ints when there is varchar data in the field, you realize quickly what power the data actually has. With SQL Server 2008 bringing us more capabilities to store data that isn't easily human readable (spatial and multimedia), our data could contain any number of problematic constructs inside.

As DBAs we are responsible for safeguarding the data, but often we depend on developers to ensure that proper data in input into the system. As a result, we need to be sure we work closely with them to get proper validation built into all applications.

If nothing else, remember the old saying: "garbage in, garbage out"

Steve Jones

The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are now available at sqlservercentral.podshow.com to get better bandwidth and maybe a little more exposure :). Comments are definitely appreciated and wanted, and you can get feeds from there.

Overall RSS Feed:

or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Rate

You rated this post out of 5. Change rating

Share

Categories

Join the discussion and add your comment

Share

Rate

You rated this post out of 5. Change rating

Related content

SQLServerCentral Editorial

Mini-Me

Will the next version of Windows be a "Mini-Me" version of Vista? Who knows, and it's too early to tell, but apparently there's a mini-kernel version of Windows 7, the one after Vista, which fits into 25MB on disk. That's a touch lower than the 4GB that Vista takes up. Granted it's not a full […]

You rated this post out of 5. Change rating

2007-10-25

105 reads

SQLServerCentral Editorial

An Hour in Time

Daylight Savings time switches a little later this year. In fact it's November 4th this year, after having been in October for all of my life. In case you don't remember which way we move the clocks, here's a saying: Spring forward, fall back.

5 (1)

You rated this post out of 5. Change rating

2007-10-17

216 reads

SQLServerCentral Editorial

Software is Like Building a House

One of the really classic analogies in software is that it's like building a house. You have a foundation, multiple teams, lots of contractors that specialize in something, etc. And it's an analogy that's debated as to its relevance over and over. I won't go into the correctness of this analogy, but I wanted to comment on it.

You rated this post out of 5. Change rating

2012-10-08 (first published: )

331 reads