…it doesn’t mean they’re not all out to get you !
No, this isn’t sage advice for the new manager of the England Football Team ( although Mr Hodgson will surely come to appreciate it’s wisdom in the very near future), but rather something to be mindful of when writing database code.
In my experience, there can be a worrying complacency among database developers when it comes to Security.
It’s as if they feel that their code is invulnerable, protected by that firewall thingy and inaccessible to those unsavoury types who want to crack their system and uncover the goodies therein.
Sometimes, it gets to the point where I begin to wonder, is it just me who worries about this sort of thing ? Am I just being a bit too paranoid ?
Of course, there are a multitiude of techniques to exploit vulnerable code from either side of the firewall.
From the outside, there’s always the prospect of SQL Injection ( among many others).
Even within an organisation, there’s the possibility that someone may just be a little bit curious .
So, it’s comforting – to me at least – to know that either I’m not totally paranoid, or if I am, I’m in good company.
First off, this post from Jeff Kemp made me smile.
The whole question of just who might be trying to get access to your data is covered very nicely
in this presentation from Alexander Kornbrust.
In it, Alex identifies 5 categories of attacker. Three of these categories will have access to the target
system from inside the firewall.
On the subject of mental instability, it’s that time of year again. Yes, Luton are in the play-offs so I will be offering Simon the usual moral support…whilst trying not to think about West Ham’s prospects against the mighty Cardiff.
Ironically, Luton are also up against Welsh opposition in Wrexham.
It may be my rampant paranoia, but I get the distinct impression that Deb is already sharpening her rapier wit in anticipation.