I have written many times that we need to improve the security of our systems. We should be adhering to best practices, limiting access where we can, and, most of all, pushing all developers and DBAs to write better code that limits security vulnerabilities, especially SQL injection. Apparently we are getting better, according to a recent White Hat survey, which found a dramatic decline in the vulnerabilities on the sites they monitor. There are still issues, but fewer of them.
I think that the increased press and attention given to attacks, as well as the focused efforts of hackers, are forcing companies to pay more attention to security. I hope this translates into more testing, better training and more careful deployments rather than the haphazard, slapdash approach that many companies have taken. It’s great that companies can change their look and feel, adding new features and flashy images, but they need to include secure coding efforts and careful review along with everything else.
Personally, I’d like to believe that developers are getting better about coding in a secure manner, using the patterns and practices that will limit SQL injection or other vulnerabilities. They see the headlines and are spending time working on their coding skills, particularly in the security area. I hope that’s the case, and that we are maturing our industry into one that is making fewer and fewer mistakes as we build new applications.