Linux Today: Linux News On Internet Time.

Database Security

Mar 18, 2009, 22:32
(Other stories by Jim Sansing)

[ Thanks to JJS for this link. ]

"I don't disagree with Taufiq's assessment. However, I do disagree with his acceptance of the status quo. I wrote a rant on this blog responding to a complaint that security professionals are not taken seriously. In it, I pointed out that the security industry should promote improving the security climate, not just react to it with solutions 'for a price'. The example I gave was *DBC libraries.

"The JDBC package, java.sql, does not supply any security parsing. This is not the real workhorse, but it should at least provide a method for this. Each database supplies a jar that java.sql classes call to access the specific database. This is where security parsing must be handled."
