Chapter 8. Securely Accessing Databases
At some point, it is likely your Web application will need to use a database. And, as soon as you introduce a database, you introduce a new set of potential vulnerabilities.
In this chapter you will learn about the following:
How simple data queries can expose your data
How to safely query databases
How to secure your SQL Server database
Because this book is firmly focused on ASP.NET and the Microsoft technology stack, the SQL injection attacks are demonstrated on Microsoft SQL Server. However, nearly all database servers are vulnerable to injection attacks. The mitigations in this chapter are equally applicable to Oracle, PostgreSQL, and, to a lesser ...