Comments on: Security Engineering http://www.greebo.net/2007/09/05/security-engineering/ mostly useless crap from me Wed, 07 Jan 2009 02:55:48 +0000 http://wordpress.org/?v=2.7 hourly 1 By: Mark http://www.greebo.net/2007/09/05/security-engineering/comment-page-1/#comment-14589 Mark Wed, 03 Oct 2007 02:28:45 +0000 http://www.greebo.net/2007/09/05/security-engineering/#comment-14589 I'm curious about your thoughts on sql injection and at what level you should attempt to handle it... Let me explain. I interviewed a project manager before auditing the application belonging to him. When I asked him how they were handling sql injection, he told me 'at the stored procedure'. I was a little puzzled by this as usually the input validation is handled at the web server level. Do you see any problem with handling it at the database level? Thanks in advance, Mark I’m curious about your thoughts on sql injection and at what level you should attempt to handle it… Let me explain. I interviewed a project manager before auditing the application belonging to him. When I asked him how they were handling sql injection, he told me ‘at the stored procedure’. I was a little puzzled by this as usually the input validation is handled at the web server level. Do you see any problem with handling it at the database level?

Thanks in advance,
Mark

]]>