Musings on Database Security

I guess this is somewhat ironical. At least it was nothing simple as in-band SQL Injection via errors or directly. It just goes to show you that any site can be vulnerable to attacks, even guys that write DB engines for a living. On the other hand, I’m sure that the sites were not created by the same guys who work on the database.

The answer to SQL Injection is very simple – use BIND VARIABLES, for Pete’s sake. It will cover 99% of your use-cases and for the other 1%, consider the security implications!

After OEMing our products for 6 months, it seems McAfee agrees that we are doing something important and they want a bigger part of it.  Actually, they want all of it.

As a founder, this is an exciting time for me. It’s a mixed feeling of pride, joy and a bit of sadness. Somewhat similar to your baby leaving home for college (I’d imagine, did not experience it yet). We’ve put huge amounts of time and effort into making what we think is a great product that will help a lot of people.  Now we have the opportunity not only to bring database activity monitoring to more people, but to make the product even better.

I’d like to thank the wonderful Sentrigo employees who made this a reality due to their hard work and dedication. We will continue and build bigger, better solutions for database security!

On a personal note, at least my commute will not change. I can see the McAfee building from my office window just across 101

A blog entry I’ve written is published here.