protection techniques are based on scanning input signatures, and we demonstrated (very briefly though) that IDS methods can be disabled and bypassed. The deceptive complexity of data abstraction levels should not hoodwink you—most serializers/marshallers are designed to transport data from the XML to the SQL column without changes (that's their sole purpose), and security is not their responsibility.
Does this mean that message screening is futile? No; even a 50 percent positive catch rate is a positive thing, and we really could reach higher numbers. Just remember, defense is complex. How? Secure Gateway (Oracle's and most others) is an ESB by design. So, we basically have two ESBs, and you can add an additional XSD check on OSB as well. Make sure that the only option your attackers have is a blind injection. Let's make their life harder. What else can help us? The following are the most effective measures for consideration:
• As already mentioned, use prepared statements. But remember, all data in the statement binding must be parameters. If, in addition to that, you construct your statement by concatenating strings, you're just inviting trouble.
• Oracle SG (inherited from Vordel) uses nonstandard XSD parsers. Surely, nonstandardization is not a guarantee of protection, but at least it will give attackers a hard time. By the way, the same algorithm is used in Intel ESG, which is also quite secure, so it's double-checked.
• Simple and restricted inputs are easier to scan. That is, an input of 10 digits is much easier to protect than a car's VIN. Yes, that's not always the case, but you can work on the Canonical Data in order to minimize the impact on security.
• Generic Adapter from Chapter 6, Finding the Compromise - the Adapter Framework, which is capable of dynamically executing any SQL statement, should be considered insecure, and you should never contemplate using it for externally exposed compositions. Actually, we mentioned this when we discussed its design and clearly stated that, ideally, every adapter will be individually tailored to the wrapped application. Generic Adapter (Adapter Factory) is a pattern aimed at the reduction of similar adapters in front of the ESB. Still, it can be secured—a statement can be prepared (and presented as a procedure call), and input parameters can be thoroughly sanitized (that's how it works in CTU—lengths and types are strongly restricted). Still, the main rule is to use it only for internal services and hide all compositions behind the Secure Perimeter.
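The first and third measures above, side by side, as an added example (not code from the book or from any Oracle product): a lookup that splices input into the SQL text, next to one where every data value is a bind parameter and a 10-digit canonical-input check runs in front of the binding. The account table, the column whitelist and the inputs are constructed for the demonstration, and sqlite3 stands in for the Oracle database.

```python
import re
import sqlite3

# Constructed in-memory sample table for this demonstration (not from the book).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (acct_no TEXT, owner TEXT)")
    conn.executemany("INSERT INTO account VALUES (?, ?)",
                     [("1000000001", "alice"), ("1000000002", "bob")])
    return conn

def lookup_concat(conn, acct_no):
    # The trouble the first bullet warns about: input spliced into the SQL text.
    sql = "SELECT owner FROM account WHERE acct_no = '" + acct_no + "'"
    return [row[0] for row in conn.execute(sql)]

# Column names cannot be bind parameters, so the only non-data fragment that
# may be concatenated comes from a fixed whitelist, never from the message.
SORT_COLUMNS = {"acct_no", "owner"}

def canonical_acct_no(value):
    # "Simple and restricted inputs are easier to scan": the canonical account
    # number is exactly 10 ASCII digits; anything else is rejected before it
    # gets anywhere near the statement (screening in front of the binding).
    if not re.fullmatch(r"[0-9]{10}", value):
        raise ValueError("account number must be exactly 10 digits")
    return value

def accepts(value):
    # True if the screening step lets the value through.
    try:
        canonical_acct_no(value)
        return True
    except ValueError:
        return False

def lookup_bound(conn, acct_no, sort_col="owner"):
    # Every data value is a bind parameter; the one concatenated piece is a
    # column name already checked against the whitelist.
    if sort_col not in SORT_COLUMNS:
        raise ValueError("unknown sort column")
    sql = "SELECT owner FROM account WHERE acct_no = ? ORDER BY " + sort_col
    return [row[0] for row in conn.execute(sql, (canonical_acct_no(acct_no),))]

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"            # constructed test input
    print(lookup_concat(db, hostile))  # the whole owner list leaks
    print(accepts(hostile), accepts("1000000001"))
```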
Tip
Combined, the preceding measures can give quite a high level of protection. Amazingly, there are still a lot of developers who produce tons of JAVA code such as State-