Chapter 12. Database Input Issues

Many applications, especially Web-based applications, store persistent data in databases. In fact, so many Web-based applications and XML Web services use databases that it’s difficult to talk about one without discussing the other. Therefore, in this chapter I’ll discuss database issues primarily with regard to database Web applications. (Chapter 13, will focus on pure Web security issues that have nothing to do with databases but plenty to do with trusting input!) And I’ll focus on one core subject—input trust issues that lead to SQL injection attacks—but before I do, I need to tell you a story.

In November 2001, I presented two papers at the Microsoft Professional Developer’s Conference in Los Angeles. The second ...

Get Writing Secure Code now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.