SQL Injection: Knowledge Prevents Problems

September 14, 2011

Our modern lives are controlled by databases: health records, financial records, education records, and online search. Even when you are not personally interfacing with a database, there is usually one behind the scenes controlling your enrollment, appointment time, or access to any given record. SQL is the computer language used to create and query such databases, and applications that rely on it can be attacked through a technique called SQL injection.

SQL injection exploits a security vulnerability in the database layer of an application, typically in the way the application builds its queries. It’s considered one of the top 10 web application security vulnerabilities. Our culture of free access to information can be used for good or for evil. One example is this SQL Injection Pocket Reference.

Freely available on the Web, this pocket guide explains the ins and outs of SQL injection. The author could argue that this guide helps creators build more secure databases by recognizing mistakes in the framework or areas of weakness. However, a stronger argument could be made that such a reference is more of a “hacking for dummies” guidebook than anything else. Anyone who’s ever suffered an email or bank account hack would like to see such information be a little harder to find.

We are not fans of hacker-related information or the hacker ethos. Information can prevent missteps. We suggest you consider learning about SQL injection and then double-checking that you are not vulnerable.
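One way to double-check a lookup routine is sketched below. This is an added example, not part of the original post: it puts a query built by string concatenation beside the parameterized form and runs a regression check against both. The table, function names, and sample rows are constructed for the illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (name TEXT, record TEXT)")
    db.executemany(
        "INSERT INTO patients VALUES (?, ?)",
        [("alice", "record-A"), ("bob", "record-B")],
    )
    return db

def lookup_concatenated(db, name):
    """Weak form: user input is pasted into the SQL text itself."""
    sql = "SELECT record FROM patients WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, name):
    """Hardened form: input travels as a bound value, never as SQL text."""
    cur = db.execute("SELECT record FROM patients WHERE name = ?", (name,))
    return [row[0] for row in cur]

def is_injectable(lookup):
    """Regression check: a name containing SQL syntax must match no rows,
    because no patient has that literal name. Any row returned means the
    input was interpreted as part of the query."""
    db = make_db()
    probe = "nobody' OR '1'='1"  # constructed test input
    return len(lookup(db, probe)) > 0

if __name__ == "__main__":
    print("concatenated lookup injectable:", is_injectable(lookup_concatenated))
    print("parameterized lookup injectable:", is_injectable(lookup_parameterized))
```

The same check can sit in an application's test suite so that a later change back to string-built queries fails the build.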

Emily Rae Aldridge, September 14, 2011

