Dangers of SQL

by Mike Y

The article goes over an incident where men stole credit card numbers and explains what SQL injections are. One Miami resident and two Russian men were sentenced to 17-25 years in prison for stealing 130 million credit card numbers from Heartland Payment Systems. By using a SQL injection, they scammed the company out of $4 million. The article explains that an SQL injection embeds SQL commands or queries masked as a username. It goes on to say that SQL injections tend to target businesses and other organizations. A way to prevent it is to not accept SQL statements directly and instead to use “parameterized statements.”
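The weak and corrected forms of a username lookup, as an added example that is not part of the original post or the PCMag article. It uses Python's built-in sqlite3 module; the table, column names, sample rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, card_number TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "0000-0000-0000-0001"), ("bob", "0000-0000-0000-0002")],
    )
    return db


def lookup_concatenated(db, username):
    """Weak form: the username is pasted into the SQL text, so any quote
    characters in it are parsed as part of the statement."""
    query = (
        "SELECT card_number FROM accounts WHERE username = '"
        + username
        + "' ORDER BY card_number"
    )
    return [row[0] for row in db.execute(query)]


def lookup_parameterized(db, username):
    """Corrected form: the statement text is fixed and the username is bound
    to the ? placeholder, so it is only ever compared as a string value."""
    query = (
        "SELECT card_number FROM accounts WHERE username = ? "
        "ORDER BY card_number"
    )
    return [row[0] for row in db.execute(query, (username,))]


if __name__ == "__main__":
    db = make_db()
    # Constructed input: a "username" that carries SQL syntax.
    crafted = "' OR '1'='1"
    print("concatenated, normal :", lookup_concatenated(db, "alice"))
    print("concatenated, crafted:", lookup_concatenated(db, crafted))
    print("parameterized, normal :", lookup_parameterized(db, "alice"))
    print("parameterized, crafted:", lookup_parameterized(db, crafted))
```

With the concatenated query the crafted value changes the WHERE clause and every row comes back; with the parameterized query the same value matches no username and nothing is returned.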
It is related to our class because SQL is a core aspect of databases. It would have to be robust to allow for flexibility in managing data and yet secure so that unauthorized access is prevented. Companies have to decide on which language of SQL to use for their databases. They have to consider security, flexibility, ease of use, and cost among other things. As systems get more complex, it will take an increasing amount of effort to make them secure.
As our society increases the use of computers, and, therefore, databases, especially cloud computing, companies will have to invest more into security. Any kind of breach like in the article would be completely unacceptable to companies like Amazon or PayPal. Although it may not be the company’s fault, they would still lose millions of dollars and the trust of many customers on top of the money lost. I think the consumer would have to start accepting that fraud or information stolen is going to be a constant threat.

Albanesius, C. (2010, May 1). Inside the biggest online theft case. PCMag. Retrieved from http://www.pcmag.com/article2/0,2817,2363293,00.asp

2 thoughts on “Dangers of SQL”

  1. I agree SQL injection can be very dangerous. If a person can hack a credit card merchant, it means they potentially have all the information of the victim, which can relate to identity theft also.

  2. The amazing thing about this whole situation is that it is probably very undervalued. With the information that was stolen, it is going to be very hard to actually keep track of the “value” of the information that was taken that day.
