@@ERROR = 0 for Bill Graziano

Posted: March 10, 2010 in Uncategorized

I am really excited about the most recent chapter I reviewed in the Deep Dives book. I think what I like most about it is that it covers something that attracts a lot of attention: SQL injection. There are some things you can do to help avoid SQL injection that are not directly related to security, and how you handle database errors is one of them. Here is a clip from the review; to read the rest, check it out here.

NEWSFLASH…

If you are just passing your errors back to an application, or even worse to a web page, you are putting your database in jeopardy. Think of it like this: if an error is passed back to a web page, have you not just told the person on the other end exactly what your database would not accept? And if they know what is not acceptable, the reverse is true as well: every rejected attempt narrows down what is acceptable. So could someone not just sit there, try different inputs, read each error message, and keep going until they have a successful injection attack?

Maybe this is Extreme, Maybe
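To make the point concrete, here is an added example (my own, not code from the review or the Deep Dives chapter) using Python's built-in sqlite3 module and a constructed two-column users table. It shows three versions of the same lookup: one that concatenates input and echoes the raw database error, one that still concatenates but hides the error behind a generic message, and one that binds the input as a parameter. The "attacker" functions then show that the echoed error is an oracle (an ORDER BY probe reads the column count straight out of the error text), that hiding the error blinds the probe, and that only the parameterized version actually closes the injection. Table, column and function names are all assumptions for the demonstration.

```python
"""
Error-based SQL injection oracle demo (sqlite3, in-memory).

Added example with a constructed 'users' table; not the post's own code.
"""
import logging
import sqlite3

GENERIC_ERROR = "The request could not be processed."


def make_db():
    """Build a tiny constructed sample database in memory (two rows, two data columns)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_echo_errors(conn, name):
    """Vulnerable: string concatenation, and the raw DB error goes straight back to the caller."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    try:
        return {"rows": conn.execute(sql).fetchall(), "error": None}
    except sqlite3.Error as exc:
        return {"rows": [], "error": str(exc)}  # leaks exactly what the database rejected


def lookup_hide_errors(conn, name):
    """Half-fixed: still concatenates, but only a generic message leaves the server.
    This removes the error oracle; it does not remove the injection."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    try:
        return {"rows": conn.execute(sql).fetchall(), "error": None}
    except sqlite3.Error as exc:
        logging.error("lookup failed: %s", exc)  # detail stays in the server log
        return {"rows": [], "error": GENERIC_ERROR}


def lookup_parameterized(conn, name):
    """Fixed: bound parameter plus generic error. User input is data, never SQL text."""
    try:
        rows = conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()
        return {"rows": rows, "error": None}
    except sqlite3.Error as exc:
        logging.error("lookup failed: %s", exc)
        return {"rows": [], "error": GENERIC_ERROR}


def probe_column_count(lookup, conn, max_cols=16):
    """Attacker side: append ORDER BY n and watch for the 'out of range' complaint.
    SQLite reports '... ORDER BY term out of range - should be between 1 and N',
    so the first n that fails gives away the result width. Returns the column
    count, or None when the responses give nothing away."""
    for n in range(1, max_cols + 1):
        result = lookup(conn, f"' ORDER BY {n}--")
        if result["error"] is not None and "ORDER BY" in result["error"]:
            return n - 1
    return None


def dump_all_rows(lookup, conn):
    """Attacker side: the classic tautology. Succeeds wherever concatenation survives,
    whether or not the server is quiet about its errors."""
    return lookup(conn, "' OR 1=1--")["rows"]


if __name__ == "__main__":
    for fn in (lookup_echo_errors, lookup_hide_errors, lookup_parameterized):
        print(fn.__name__,
              "columns leaked:", probe_column_count(fn, make_db()),
              "rows dumped:", len(dump_all_rows(fn, make_db())))
```

Running it shows the two halves of the argument: the echoing version hands over the column count (2) and every row; the quiet version still hands over every row but no column count; only the parameterized version gives the attacker nothing on either front. Suppressing error detail is worth doing, but it is defence in depth on top of parameterized queries, not a substitute for them.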
