[WEB SECURITY] SQL injection and N tier Architecture

Mcgregor, Robert Todd (Rob) robert.t.mcgregor at verizon.com
Mon Feb 4 20:11:11 EST 2013


Consider:
http://searchsecurity.techtarget.com/tip/Separation-of-duties
http://www.cpd.iit.edu/netsecure08/ROBERT_RANDELL.pdf

"We can't solve problems by using the same kind of thinking we used when we created them." - Albert Einstein



-----Original Message-----
From: websecurity [mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of Infosec
Sent: Monday, February 04, 2013 6:59 PM
To: Jim Manico
Cc: websecurity at lists.webappsec.org; Phillip Gonzalez
Subject: Re: [WEB SECURITY] SQL injection and N tier Architecture

I know SQL injection is a code issue.

The purpose of my question is: why are three tiers more secure than two tiers?
What will three-tier protect me from?

Thank you all.


On Feb 5, 2013, at 3:51 AM, Jim Manico <jim at manico.net> wrote:

> I second that notion.
> 
> https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet
> 
> - Jim
> 
>> You are barking up the wrong tree. SQL injection is a coding issue, tell your devs to use parameterized queries.
>> 
>> -phil
>> @bsdwiz
>> 
>> On Feb 4, 2013, at 4:56 PM, Infosec <infosecm at gmail.com> wrote:
>> 
>>> Hello,
>>> 
>>> I need to know how different architectures will affect application security.
>>> For example:
>>> 
>>> A. Web server and Database server
>>> B. Web server, Application server and Database server
>>> 
>>> How secure are the above architectures against SQL injection?
>>> 
>>> I know multi-tier is more secure, but I need more explanation.
>>> Multi-tier is more secure, but still doesn't prevent SQL injection, does it?
>>> 
>>> 
>>> Regards,
>>> _______________________________________________
>>> The Web Security Mailing List
>>> 
>>> WebSecurity RSS Feed
>>> http://www.webappsec.org/rss/websecurity.rss
>>> 
>>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>> 
>>> WASC on Twitter
>>> http://twitter.com/wascupdates
>>> 
>>> websecurity at lists.webappsec.org
>>> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
> 
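
Added example, not part of the original thread: the point made in the replies above (SQL injection is a coding issue that parameterized queries fix, whatever the number of tiers) shown with a simulated web tier, application tier and in-memory SQLite database tier. The table, function names and sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    # Database tier: in-memory SQLite holding constructed sample rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("carol", 75)])
    return db

def app_tier_concat(db, owner):
    # Application tier that builds the statement by string concatenation.
    # The value becomes part of the SQL text, so it can change the query.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def app_tier_param(db, owner):
    # Same tier, same query, but the value is bound as a parameter.
    # The driver sends it as data; it is never parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

def web_tier(handler, db, form_value):
    # Web tier: forwards the request value to the tier behind it.
    # Adding this hop does not inspect or neutralise the value.
    return handler(db, form_value)

def demo():
    db = make_db()
    crafted = "alice' OR '1'='1"  # constructed test input
    return {
        "concat_normal": web_tier(app_tier_concat, db, "alice"),
        "concat_crafted": web_tier(app_tier_concat, db, crafted),
        "param_normal": web_tier(app_tier_param, db, "alice"),
        "param_crafted": web_tier(app_tier_param, db, crafted),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15} -> {rows}")
```

With concatenation the crafted value returns every row even though an extra tier sits in front of the database; with the bound parameter the same value matches no owner and returns nothing.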
