This might be obvious, but after seeing this article, I wonder if it's the feeling of many executives. The article mentions that firms should be shifting their focus from network security to application security.
Meaning don't rely on a firewall, build more secure applications that prevent in-advertent access to data. Be aware of SQL Injection, be sure your developers know what it is, and then plan to prevent such attacks.
There will always be criminal elements that can outsmart us. But most people rely on poor security and common issues. There are way more "script kiddies" out there that can use an script or custom application to exploit and issue than can develop one and most of them search for easy targets. Each tiny step you take to increase your security means a huge absolute number of people that you drop off your potential attacker list. So taking a few small steps towards increasing security could go a long way.
And that means that you need to code more securely. There was a time when I saw a lot of buzz about secure coding, but lately I haven't seen many articles about it. And I continue to see questions about basic SQL Injection vulnerabilities. I've heard that at a few of the SQL Saturday and other events that the SQL Injection sessions are very well attended and quite a few people are still surprised about this vulnerability.
Maybe that should be a required CS class at all colleges.
The only way to get more secure code is for programmers to write more secure code. Regardless of the time, effort, or any other reason to avoid it, you should learn to write secure code, implement secure databases, and pass knowledge to others. Don't skimp on this one, very important, skill set in your career.
Steve Jones
PS: Vote for Service Pack 3 for SQL Server 2005. Right now there are no plans to release it. We need your vote so Microsoft will build it.
The Voice of the DBA Podcasts
The podcast feeds are now available at sqlservercentral.podshow.com to get better bandwidth and maybe a little more exposure :). Comments are definitely appreciated and wanted, and you can get feeds from there.
or now on iTunes!
- Windows Media Podcast - 25.6MB WMV
- iPod Video Podcast - 23.1MB MP4
- MP3 Audio Podcast - 4.8MB
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.