I pretty much stick to performance-related issues and know very little of security, except that I prefer to enforce security at the boundaries instead of on the SQL Server itself. It's just after 5pm, and I came across this article, which eventually leads to SQL Injection: http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html
SQL Injection has already been widely discussed, but after reading this, my policy will now be to refuse any engagement on systems still using direct SQL with an open web interface.
About jchang
Reverse engineering the SQL Server Cost Based Optimizer (Query Optimizer), NUMA System Architecture, performance tools developer - SQL ExecStats, mucking with the data distribution statistics histogram - decoding STATS_STREAM, Parallel Execution plans, microprocessors, SSD, HDD, SAN, storage performance, performance modeling and prediction, database architecture, SQL Server engine