Helpful Tips for Developers on Fighting SQL Injection
Michael Coles wrote a nice little tips article for SQLServerCentral.com on doing your best to fight SQL Injection.
As a developer you probably already have many little tricks in your toolbag for fighting these pesky predators. It certainly doesn’t hurt to see another coder’s ideas.
Here’s a quick excerpt -
For many years now, SQL Injection attacks on large corporate websites have been highly publicized. Several articles around the Web have described what an injection attack is, how it works, and the basics of how to defend against it. A couple of very good articles here at SQL Server Central also delve into this topic (SQL Injection by Christoffer Hedgate and SQL Injection – Part 1 by Randy Dyess). So why did I feel the need to write another article on SQL Injection? For three reasons:
1. The good work by Mr. Dyess and Mr. Hedgate offers code samples and examples for ASP. I felt that a sample pertaining to ASP.NET, for those without the ASP background, was in order.
2. These two authors focus on using parameterized queries; and in the case of Mr. Hedgate, validating user input. Excellent advice all around, but I feel there are other lines of defense which should be addressed as well.
3. Finally, no matter how many SQL Injection articles are posted around the Web, DBAs and developers continue to post highly exploitable code samples to newsgroups and discussion boards.
In this article, I hope to build upon the good work of Mr. Hedgate and Mr. Dyess, and provide updated samples as well as a more complete defensive strategy for dealing with SQL Injection.
Get Michael’s full Update SQL Injection article here.
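As an added illustration (not code from Michael’s article or from this blog), here is the exploitable string-concatenation pattern beside the parameterized query the article recommends, plus a small allow-list check as the second line of defense. It uses Python’s sqlite3 module with a constructed in-memory table standing in for the ADO.NET SqlCommand code an ASP.NET sample would use; the table, the rows and the surname pattern are assumptions made for the demo.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data standing in for a customers table in SQL Server.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, last_name TEXT)")
    conn.executemany("INSERT INTO customers (last_name) VALUES (?)",
                     [("Smith",), ("O'Brien",), ("Dyess",)])
    return conn


def lookup_concatenated(conn, last_name):
    # Exploitable pattern: the input is spliced into the SQL text, so a quote
    # character in it becomes SQL syntax instead of data.
    sql = "SELECT id, last_name FROM customers WHERE last_name = '" + last_name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, last_name):
    # Defensive pattern: the value is bound as a parameter (a ? placeholder here,
    # SqlCommand.Parameters in ADO.NET) and can never change the statement itself.
    sql = "SELECT id, last_name FROM customers WHERE last_name = ?"
    return conn.execute(sql, (last_name,)).fetchall()


def concatenation_error(conn, last_name):
    # Returns the database error text the concatenated query produces for this
    # input, or None if it ran; a legitimate name like O'Brien already breaks it.
    try:
        lookup_concatenated(conn, last_name)
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


# Hypothetical allow-list for a surname field: letters, apostrophe, hyphen, space.
_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z' -]{0,49}$")


def validate_last_name(value):
    # Second line of defense: reject anything that does not look like a surname,
    # so statement terminators and comment markers never reach the query layer.
    return bool(_NAME_RE.match(value))
```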
If you like this post, please donate to support our volunteer bloggers.
Voice your Opinion and Add Suggestions on Ubuntu Linux

The official Ubuntu website is conducting a brainstorming session in which anybody can participate. Ever wish there were a particular feature or wish one functioned more efficiently?
Suggest a new (or upgrade to a) feature by creating an account at the Ubuntu Brainstorm website and then submitting your wish. Other visitors to the site can then vote on your wishes.
Ubuntu says that if your wish receives enough votes to rank among the most popular, it has a very good chance of being integrated into the next release.
Currently the most popular submitted ideas -
- Play button should change to pause button on Rhythmbox.
- OpenOffice Documents Thumbnails in Nautilus.
- Improve speed of the thumbnail feature in Nautilus.
- Compiz Effect Preview.
- Window previews for closed windows (compiz fusion).