
	Home > Ask the SQL Server Experts > Archive: Security Questions & Answers > Avoid SQL injection with these best practices

Ask The SQL Server Expert: Questions & Answers

EMAIL THIS

Avoid SQL injection with these best practices

EXPERT RESPONSE FROM: Steven Andres

		Pose a Question

		Other SQL Server Categories

		Meet all SQL Server Experts
		Become an Expert for this site

Expert advice on database administration

Digg This! StumbleUpon Del.icio.us

QUESTION POSED ON: 11 May 2006
Can you offer best practices to avoid SQL (Server) injection?

Some sound advice on the subject can be found at SQLSecurity.com. The Web site is run by Chip Andrews, the fellow who coined the phrase "SQL injection." Most of the advice follows a repeating battle cry: Sanitize all data coming in to your application (whether from human input, browser user-agent strings or cookies). Validate that when you're expecting a numeric, you receive a numeric. Most of it is simple once you get the hang of it, but it's a pain when you're trying to whip out a quick Web application. The trouble is quick Web apps tend to grow into enterprise mission-critical systems. Things that didn't seem important when you were making a quick little program to track jelly beans (such as data input validation) become monstrous issues when your application controls the worldwide inventory of a Jelly Bean factory. Here are some additional resources to help you prevent SQL injection attacks:

Automate SQL injection testing

Checklist: How to test SQL Server security

Discover and lock down vulnerable SQL Server services

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Archive: Security
	Creating a SQL Server user authentication schema
	Could a join of encrypted SQL Server data have a problem?
	SQL Server connection lost when SA password is changed
	How to set SQL Server password for SA login
	Creating a login in SQL Server 2000 Enterprise Manager
	Code to connect SQL Server 7.0 to Visual Basic 6.0
	Set SQL Server password on database in version 7.0
	Solve SQL Server permissions and authentication problems
	Create username and password for new SQL Server database
	Recover password in SQL Server 2000

SQL Server Security

Password cracking tools for SQL Server

Meet compliance requirements with improved database security practices

Hardening the network and OS for SQL Server security

Securing the server and database in SQL Server

SQL Server security made simple and sensible

Blog: Protect your databases from the internal threat

Setting up SQL Server Service Broker for secure communication

The keys to database backup protection for SQL Server

Understanding transparent data encryption in SQL Server 2008

The fine line between not encrypting your databases and breach notification

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

data corruption (SearchSQLServer.com)

data hiding (SearchSQLServer.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SQL Solutions - SQL Database Design

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2005 - 2009, TechTarget \| Read our Privacy Policy