How to Write Injection-Proof SQL : In focus

Technologies that
Bring Peace of Mind

Subscribe to Newsletter:

Online
technical Help
and Support

Live support

Have a question?
Call us Toll-Free at:
1-877-ANTISPY
1-877-2684779
+44-207-099-2078

More contacts

Subscribe to our
RSS feed

In focus

How to Write Injection-Proof SQL

October 16, 2008 14:56

It's about time someone wrote this paper:

ABSTRACT

Googling for "SQL injection" gets about 4 million hits. The topic excites interest and superstitious fear. This whitepaper dymystifies the topic and explains a straightforward approach to writing database PL/SQL programs that provably guarantees their immunity to SQL injection.

Only when a PL/SQL subprogram executes SQL that it creates at run time is there a risk of SQL injection; and you'll see that it's easier than you might think to freeze the SQL at PL/SQL compile time. Then you'll understand that you need the rules which prevent the risk only for the rare scenarios that do require run-time-created SQL. It turns out that these rules are simple to state and easy to follow.

Link: http://www.schneier.com/blog/archives/2008/10/how_...

All news for January 5, 2009

22:56	Schneier on Security: FBI's New Cryptanalysis Contest
22:03	Steve Riley on Security: Poll: do you use scheduled scans for malware?
18:22	Martin McKeay: Four information points on Twitter phishing
14:34	Schneier on Security: Trends in Counterfeit Currency

All news for January 3, 2009

00:49	Schneier on Security: Friday Squid Blogging: Climate Change Affects Squids
00:08	Schneier on Security: Friday Squid Blogging: Squid Attacks ROV

All news for January 2, 2009

20:17	Schneier on Security: Another Recently Released NSA Document
18:13	Martin McKeay: Welcome to 2009
14:42	Schneier on Security: Software Security

Keywords: how, to, write, injection-proof, sql

All news for January, 2009

All news for 2008

All news for 2009