• IBM Consulting

    DBA Consulting can help you with IBM BI and web-related work. IBM Linux is also part of our portfolio.

  • Oracle Consulting

    For Oracle-related consulting, database work, support and migration, call DBA Consulting.

  • Novell/RedHat Consulting

    For all Novell SUSE Linux and SAP on SUSE Linux questions related to the OS and BI solutions. And of course also for the great Red Hat products such as Red Hat Enterprise Server, JBoss middleware and BI on Red Hat.

  • Microsoft Consulting

    For consulting services related to Microsoft Server 2012 onwards, Microsoft Windows 7 and higher on the client side, and Microsoft Cloud Services (Azure, Office 365, etc.).

  • Citrix Consulting

    Citrix VDI-in-a-Box, desktop virtualization and Citrix NetScaler security.

  • Web Development

    Web development: static websites, CMS websites (Drupal 7/8, WordPress, Joomla), responsive websites and adaptive websites.

19 January 2011

However: one is never as bad as others say you are, and never as good as you yourself think you are.

New Web 2.0 techniques! Unfortunately, "old programming errors".

05 January 2011

iFrames security risk

I was reading a message about the security risk of iFrames on a news website. It seems that embedding a website, or content from a website such as YouTube, always carries a certain risk when programming practice is not followed quite carefully during development of the embedding website, as in this case with YouTube. If one does not take care of programming practice, a search criterion can be injected through SQL injection or cross-site scripting.

There are several ways to prevent these kinds of attacks:

- use the principle of least privilege
- use bind variables

There are several more options available to the programmer, some of which can be found on the Code Project website:

  • Encrypt sensitive data.
  • Access the database using an account with the least privileges necessary.
  • Install the database using an account with the least privileges necessary.
  • Ensure that data is valid.
  • Do a code review to check for the possibility of second-order attacks.
  • Use parameterised queries.
  • Use stored procedures.
  • Re-validate data in stored procedures.
  • Ensure that error messages give nothing away about the internal architecture of the application or the database.

The main message is that there were some unwanted videos in the YouTube bar of my website, mainly because of some of these iFrame security vulnerabilities. Small changes to the filtering in the SQL query can prevent a lot of these inconveniences.
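As an added example (not code from this post, nor from the Oracle/PHP articles linked below), the video search built both ways in Python with SQLite: once with the search term spliced into the SQL text, and once with the term passed as a bind variable. The table, rows and search terms are constructed sample data.

```python
from __future__ import annotations

import sqlite3

# Constructed sample rows standing in for a site's video table (assumption).
VIDEOS = [
    ("Oracle bind variables", "approved"),
    ("PHP cookbook review", "approved"),
    ("unwanted clip", "rejected"),
]


def open_db() -> sqlite3.Connection:
    """In-memory SQLite database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE video (title TEXT, status TEXT)")
    conn.executemany("INSERT INTO video VALUES (?, ?)", VIDEOS)
    return conn


def search_concatenated(conn: sqlite3.Connection, term: str) -> list[str]:
    """Vulnerable: the search term becomes part of the SQL statement itself,
    so a term containing quotes can change the WHERE clause (here: the
    status filter that hides rejected videos)."""
    sql = ("SELECT title FROM video WHERE status = 'approved' "
           f"AND title LIKE '%{term}%'")
    return [row[0] for row in conn.execute(sql)]


def search_bound(conn: sqlite3.Connection, term: str) -> list[str]:
    """Safe: the term travels as a bind variable, so the database treats it
    as data to compare against, never as SQL text."""
    sql = ("SELECT title FROM video WHERE status = 'approved' "
           "AND title LIKE ?")
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


if __name__ == "__main__":
    db = open_db()
    # Constructed search term that closes the quoted pattern and comments
    # out the rest of the statement, used only to compare both variants.
    hostile = "%' OR status = 'rejected' --"
    print("normal, concatenated:", search_concatenated(db, "Oracle"))
    print("normal, bound:       ", search_bound(db, "Oracle"))
    print("hostile, concatenated:", search_concatenated(db, hostile))
    print("hostile, bound:       ", search_bound(db, hostile))
```

With the bound query the hostile term simply matches no title, while the concatenated query returns the rejected video as well, which is exactly the "unwanted video" symptom described above.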

Here are also links to the Oracle site for a short explanation of this subject by Arup Nanda and for the PHP Cookbook:

Adaptive Cursors and SQL Plan Management (Arup Nanda):
http://www.oracle.com/technetwork/articles/ullman-bindings-088836.html

Binding Variables in Oracle and PHP by Larry Ullman:
http://www.oracle.com/technetwork/articles/ullman-bindings-088836.html