THE SQL Server Blog Spot on the Web

Welcome to - The SQL Server blog spot on the web Sign in | |
in Search

Allen White

SQL Injection

I've been teaching a class called SQL Server 2008 for the Oracle DBA in a number of cities in the US and Canada. I helped build the class last summer and it's truly enjoyable to bring the technology of Microsoft SQL Server to people whose careers have kept them focused on Oracle.

What scares me is the number of DBAs with decades of experience who've never heard of SQL Injection attacks. In one class just two of twelve DBAs had ever heard of SQL Injection.

The important thing to remember is that SQL Injection attacks aren't just limited to Microsoft SQL Server - they're just as prevalent on other database platforms, including Oracle, DB2, MySQL, ProgreSQL, etc. It's also important to understand that it's not just externally facing applications that are of concern. Your company's systems are probably more likely to be hacked by someone inside your organization than from the outside. (Disgruntled employees are disgruntled, to use a current Farkism.)

Here are a couple of sites to learn more about SQL Injection:

SQL Injection - SQL Server Books Online
SQL Injection - Wikipedia

I'm sure a quick look using your favorite search engine will return a long list of sites explaining the issue and ways to prevent it. For your own sake, please understand this problem and help your organization build protections against it.


Published Saturday, February 21, 2009 3:09 PM by AllenMWhite



aspiringgeek said:

SQL Server for the Oracle--now that's funny right there I don't care who you are.  

We can't share too much good information about SQL injection--except of course with the injectors.

As much fun as it is to build robust systems, optimize code, etc., it truly is a thrill to teach to a receptive, appreciative crowd.  Congrats.

February 21, 2009 2:46 PM

daveballantyne said:

March 10, 2009 8:06 AM
New Comments to this post are disabled

About AllenMWhite

Allen White is a consultant and mentor for Upsearch Technology Services in Northeast Ohio. He has worked as a Database Administrator, Architect and Developer for over 30 years, supporting both the Sybase and Microsoft SQL Server platforms over that period.

This Blog


Privacy Statement