Chapter 12. Database Input Issues

Many applications, especially Web-based applications, store persistent data in databases. In fact, so many Web-based applications and XML Web services use databases that it’s difficult to talk about one without discussing the other. Therefore, in this chapter I’ll discuss database issues primarily with regard to database Web applications. (Chapter 13 will focus on pure Web security issues that have nothing to do with databases but plenty to do with trusting input!) And I’ll focus on one core subject—input trust issues that lead to SQL injection attacks—but before I do, I need to tell you a story.

In November 2001, I presented two papers at the Microsoft Professional Developer’s Conference in Los Angeles. The second ...
