Helpful Tips for Developers on Fighting SQL Injection
Michael Coles wrote a nice little tips article for SQLServerCentral.com on doing your best to fight SQL Injection.
As a developer, you probably already have many little tricks in your toolbag to fight these pesky predators. It certainly doesn’t hurt to see another coder’s ideas.
Here’s a quick excerpt:
For many years now, SQL Injection attacks on large corporate websites have been highly publicized. Several articles around the Web have described what an injection attack is, how it works, and the basics of how to defend against it. A couple of very good articles here at SQL Server Central also delve into this topic (SQL Injection by Christoffer Hedgate and SQL Injection – Part 1 by Randy Dyess). So why did I feel the need to write another article on SQL Injection? For three reasons:
1. The good work by Mr. Dyess and Mr. Hedgate offers code samples and examples for ASP. I felt that a sample pertaining to ASP.NET, for those without the ASP background, was in order.
2. These two authors focus on using parameterized queries; and in the case of Mr. Hedgate, validating user input. Excellent advice all around, but I feel there are other lines of defense which should be addressed as well.
3. Finally, no matter how many SQL Injection articles are posted around the Web, DBAs and developers continue to post highly exploitable code samples to newsgroups and discussion boards.
In this article, I hope to build upon the good work of Mr. Hedgate and Mr. Dyess, and provide updated samples as well as a more complete defensive strategy for dealing with SQL Injection.
Get Michael’s full Update SQL Injection article here.
If you like this post, please donate to support our volunteer bloggers.
Sun Completes the MySQL Buy Out
Sun Microsystems completed its buy out of MySQL today. The final price turned out to be $1 billion, including $800 million in cash and $200 million in Sun stock. Not a bad deal for the little open source data system.
See more info on the purchase and more of Sun’s near-term focus here.