Comments on: Death of SQL Injection, long live SQL Injection http://blog.brianhartsock.com/2009/05/13/death-of-sql-injection-long-live-sql-injection/ The exciting life of a software developer and nerd Tue, 29 Nov 2011 22:19:28 +0000 hourly 1 http://wordpress.org/?v=3.3 By: bhartsock http://blog.brianhartsock.com/2009/05/13/death-of-sql-injection-long-live-sql-injection/comment-page-1/#comment-686 bhartsock Wed, 13 May 2009 15:29:20 +0000 http://blog.brianhartsock.com/?p=720#comment-686 I completely agree. I think my "silver lining" comment is too easy to misconstrue. I agree 100% with you Jay. I completely agree. I think my “silver lining” comment is too easy to misconstrue. I agree 100% with you Jay.

]]> By: Jay Faulkner http://blog.brianhartsock.com/2009/05/13/death-of-sql-injection-long-live-sql-injection/comment-page-1/#comment-685 Jay Faulkner Wed, 13 May 2009 15:13:54 +0000 http://blog.brianhartsock.com/?p=720#comment-685 Something being "non-standard" shouldn't be a security benefit. No matter what the interface -- whether it's easy to discern attack vectors or not -- user data should always be sanitized against attack. Most companies need only worry about "script kiddie" type of attacks, but as a company gets larger, and becomes a more attractive target, there will be people who specifically target that company -- at which point even non-predicatable parts of your system may open themselves up wide for attack by a patient cracker. Something being “non-standard” shouldn’t be a security benefit. No matter what the interface — whether it’s easy to discern attack vectors or not — user data should always be sanitized against attack.

Most companies need only worry about “script kiddie” type of attacks, but as a company gets larger, and becomes a more attractive target, there will be people who specifically target that company — at which point even non-predicatable parts of your system may open themselves up wide for attack by a patient cracker.

]]>