Chapter 8. Securely Accessing Databases

At some point, it is likely your Web application will need to use a database. And, as soon as you introduce a database, you introduce a new set of potential vulnerabilities.

In this chapter you will learn about the following:

  • How simple data queries can expose your data

  • How to safely query databases

  • How to secure your SQL Server database

Because this book is firmly focused on ASP.NET and the Microsoft technology stack, the SQL injection attacks are demonstrated on Microsoft SQL Server. However, nearly all database servers are vulnerable to injection attacks. The mitigations in this chapter are equally applicable to Oracle, PostgreSQL, and, to a lesser ...
