Dangers of SQL


by Mike Y

The article goes over an incident in which men stole credit card numbers and explains what SQL injections are. One Miami resident and two Russian men were sentenced to 17-25 years in prison for stealing 130 million credit card numbers from Heartland Payment Systems. By using a SQL injection, they scammed the company out of $4 million. The article explains that a SQL injection embeds SQL commands or queries masked as a username. It goes on to say that SQL injections tend to target businesses and other organizations. A way to prevent it is to not accept SQL statements directly and instead to use “parameterized statements.”
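The difference between building a query from a submitted username and using a parameterized statement, as an added example that is not from the article or the original post. The table, the function names and the sample rows are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    # Constructed sample data; the card numbers are placeholders.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, card_number TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "0000-0000-0000-0001"),
         ("bob", "0000-0000-0000-0002"),
         ("o'brien", "0000-0000-0000-0003")],
    )
    return db

def lookup_unsafe(db, username):
    # Weak form: the username is pasted into the SQL text, so any quote
    # character in it becomes part of the statement itself.
    query = ("SELECT username, card_number FROM users "
             "WHERE username = '" + username + "'")
    return db.execute(query).fetchall()

def lookup_parameterized(db, username):
    # Parameterized statement: the SQL text is fixed and the username is
    # bound as a value, so it can only ever be compared as data.
    query = "SELECT username, card_number FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchall()

def compare(db, username):
    # Run both lookups on the same input and report the row counts.
    try:
        unsafe = len(lookup_unsafe(db, username))
    except sqlite3.OperationalError as exc:
        unsafe = "error: " + str(exc)
    return unsafe, len(lookup_parameterized(db, username))

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a legitimate name with an
    # apostrophe, and SQL masked as a username.
    for name in ["alice", "o'brien", "nobody' OR '1'='1"]:
        print(repr(name), compare(db, name))
```

With the concatenated query, the masked input returns every row and the legitimate name `o'brien` fails with a syntax error; the parameterized version returns no rows for the first and exactly one row for the second.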
It is related to our class because SQL is a core aspect of databases. It has to be robust enough to allow for flexibility in managing data and yet secure enough that unauthorized access is prevented. Companies have to decide on which language of SQL to use for their databases. They have to consider security, flexibility, ease of use, and cost, among other things. As systems get more complex, it will take an increasing amount of effort to make them secure.
As our society increases its use of computers and, therefore, databases, especially in cloud computing, companies will have to invest more in security. Any kind of breach like the one in the article would be completely unacceptable to companies like Amazon or PayPal. Although it may not be the company’s fault, they would still lose millions of dollars and the trust of many customers on top of the money lost. I think the consumer would have to start accepting that fraud or stolen information is going to be a constant threat.

Albanesius, C. (2010, May 1). Inside the biggest online theft case. PCMag. Retrieved from http://www.pcmag.com/article2/0,2817,2363293,00.asp