[WEB SECURITY] SQL injection and N tier Architecture

Jim Manico jim at manico.net
Mon Feb 4 19:51:52 EST 2013


I second that notion.

https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet

- Jim

>  You are barking up the wrong tree. SQL injection is a coding issue, tell your devs to use parameterized queries.
>
> -phil
> @bsdwiz
>
> On Feb 4, 2013, at 4:56 PM, Infosec <infosecm at gmail.com> wrote:
>
>> Hello,
>>
>> I need to know how the different architecture will effect on application security.
>> For example:
>>
>> A. Web server and Database server
>> B. web server , Application server and Database server
>>
>> How much the above architectures secure from SQL injection?
>>
>> I know multi-tier is more secure, but I need more explination.
>> Multi-tier is more secure, but still doesn't prevent SQL injection, isn't?
>>
>>
>> Regards,
>> _______________________________________________
>> The Web Security Mailing List
>>
>> WebSecurity RSS Feed
>> http://www.webappsec.org/rss/websecurity.rss
>>
>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>
>> WASC on Twitter
>> http://twitter.com/wascupdates
>>
>> websecurity at lists.webappsec.org
>> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org




More information about the websecurity mailing list