Stored Procedures or No? Take Our Security Poll
 


Why use stored procedures?
1. A stored procedure enforces parameters on data input from applications, which can prevent damage from malicious code injected by a cyber thief or vandal.
2. They cache the execution plan.
3. They can improve your system performance.
A stored procedure is executed in the same way as a pre-written SQL statement. The big difference is that the pre-written SQL statement does not discriminate about what kind of information gets entered into a field; it only places a variable.
Where that statement touches a table full of valuable customer data, malicious code can be inserted in place of the expected value.
Stored procedures allow you to bind input to a specific data type, so it will look for an actual date in a date field or expect text info rather than an integer in a name field – validating what’s going on in your database.
Stored procedures close an Achilles' heel in your system – protecting the point of vulnerability where code injection can occur.
There are few DBAs or developers who want to spend their day investigating where the point of penetration was while you sweat through backup and recovery mode.
The learning curve for using stored procedures is more than forgiving enough to justify DBAs and developers getting together on this issue.
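
The contrast described above, written out in T-SQL for SQL Server as an added example (not code from the original slides). The table, column and procedure names and the sample values are hypothetical.

```sql
-- Hypothetical table used only for this illustration.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    LastName   NVARCHAR(50) NOT NULL,
    SignupDate DATE NOT NULL
);
GO

-- Weak pattern: the statement is assembled by concatenation, so whatever
-- arrives in @input becomes part of the SQL text that gets parsed and run.
DECLARE @input NVARCHAR(200) = N'Smith';   -- constructed sample value
DECLARE @sql NVARCHAR(MAX) =
    N'SELECT CustomerId, LastName FROM dbo.Customers WHERE LastName = '''
    + @input + N'''';
EXEC (@sql);
GO

-- Stored procedure: each input is bound to a declared data type and is
-- only ever compared as a value, never parsed as SQL.
CREATE PROCEDURE dbo.GetCustomersBySignup
    @LastName   NVARCHAR(50),
    @SignupDate DATE
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, LastName, SignupDate
    FROM dbo.Customers
    WHERE LastName = @LastName
      AND SignupDate = @SignupDate;
END;
GO

-- A quote character inside the name is matched literally as data.
EXEC dbo.GetCustomersBySignup
     @LastName = N'O''Brien', @SignupDate = '2014-03-01';
GO

-- A value that is not a date is rejected with a conversion error when the
-- parameter is bound, before the procedure body runs.
EXEC dbo.GetCustomersBySignup
     @LastName = N'Smith', @SignupDate = 'not a date';
GO
```

The protection comes from the parameter binding itself: a procedure that concatenates its parameters into a string and runs it with `EXEC()` behaves like the first batch, not the second.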

Presentation Transcript

    • Stored Procedures or No? Take Our Security Poll. Gabriel Villa, SQL Server Professional, SQL Server DBA Professionals.
    • Using stored procedures: I recently gave a SQLSaturday talk where I touched on the security advantages of using stored procedures. I was taken aback by the absence of this practice and by the general lack of interest in the topic. Much is made of the conflict points between the DBA and the developer. Some of these problems we will just have to live with, but there are others, such as security, where it is common sense for them to be on the same page.
    • Using stored procedures: In this area of conflict, one of the lowest-hanging fruits in terms of collaboration is the use of stored procedures. Code injection attacks are the #1 security problem that your environment faces. As a DBA or a developer, it is in your best interest to advance this basic best practice with your team.
    • Why stored procedures? What do you think? Take our quick poll on stored procedures.
    • What’s your take? We’d love to hear from the SQL Server community. Click here to take our poll about stored procedures. We’ll address the results in a future post.