Punishment vs. Prevention
Dec 05, 2008, 21:33
(Other stories by Jim Sansing)
[ Thanks to JJS for this link. ]
"The truth is, much of the problem is technological. SQL injection attacks are an example. Currently, every application programmer is expected to parse input for this. But many application programmers hardly know what a database is, much less how to protect against all the possible variations of SQL injection. The ones who do know that are the database developers. Therefore, the security community should be calling for all xDBC libraries to include methods to validate input for applications.