• Status: Solved
• Priority: Medium
• Security: Public
• Views: 177

SQL Injection Protection for Internal apps

We have a SQL 2000 database that is the back end to internal browser-based apps. They are not web-based in the sense that they are not external apps on the web; they are behind a router/firewall. I have been reading a little about SQL injection. Should I take any further precautions other than the firewall to protect against SQL injection?
1 Solution
How big is your organisation? Which level of employees access the apps?

If it's a small organisation where the users have access to the data anyway, there is no point.
If it's a big organisation where the app is the only access users have to the data, I would be wary and put some measures in place.

It all really depends upon your situation.
Definitely. The firewall doesn't protect against SQL injection.
pabby061203 (Author) commented:
Hi, and thanks for replying. Our situation is: a small business with about 20 operators who do not get direct access to the data; they capture data through a front-end app. I am not really concerned about the operators. I am putting together a disaster recovery strategy with recommendations but don't know much about SQL injection. Given my scenario, given that the SQL database is an internal database server behind a firewall, what would your recommendations be to tighten up?

Thanks again.
If you reduce all app access to the database to stored procedures, this should be more than enough for a small company internal app with trusted operators.
Ditto cmhunty's answer. Grant execute access on procs to users and don't grant table access. This mitigates the most glaring opening that somebody could connect to the database using something other than your app.

Protecting against SQL injection is best accomplished by educating your developers about it. Generally, it doesn't take extra work, but it does take avoiding certain things.
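The stored-procedure-only access model recommended above, as an added T-SQL example (not code from the original thread); the role, user, table and procedure names are assumptions, and the syntax is the SQL Server 2000 form.

```sql
-- Assumed names (hypothetical): role app_operators, database user app_user,
-- tables dbo.Orders and dbo.Customers, procedures usp_GetOrdersByCustomer
-- and usp_FindCustomer.

-- 1. A database role that holds the application's permissions.
EXEC sp_addrole 'app_operators';
EXEC sp_addrolemember 'app_operators', 'app_user';

-- 2. The only way the app reads the table: a procedure with typed
--    parameters. @CustomerId is an INT, so input such as
--    "1; DROP TABLE Orders" is rejected by type conversion and can never
--    become part of the statement text.
CREATE PROCEDURE dbo.usp_GetOrdersByCustomer
    @CustomerId INT
AS
    SET NOCOUNT ON;
    SELECT OrderId, OrderDate, Amount
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId;
GO

-- 3. Grant EXECUTE on the procedure only; nothing is granted on the table.
--    The procedure can still read dbo.Orders because procedure and table
--    share an owner (dbo), so ownership chaining skips the table-level
--    check. A user who connects with any tool other than the app has no
--    permission to query dbo.Orders directly.
GRANT EXECUTE ON dbo.usp_GetOrdersByCustomer TO app_operators;

-- 4. The "educate your developers" caveat: a procedure that assembles its
--    own SQL by string concatenation is still injectable, e.g.
--      EXEC('SELECT ... WHERE CustomerName = ''' + @Name + '''');
--    When dynamic SQL is unavoidable, bind values with sp_executesql
--    parameters instead of pasting them into the string.
CREATE PROCEDURE dbo.usp_FindCustomer
    @Name NVARCHAR(100)
AS
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(200);
    SET @sql = N'SELECT CustomerId, CustomerName FROM dbo.Customers WHERE CustomerName = @p';
    EXEC sp_executesql @sql, N'@p NVARCHAR(100)', @p = @Name;
GO
GRANT EXECUTE ON dbo.usp_FindCustomer TO app_operators;
```

With this in place, confirm the model holds by connecting as app_user outside the app: EXEC on the procedures succeeds while a direct SELECT on the tables is denied.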
