SQL in the Cloud Announced Today; SQL Injection in the Cloud to Follow
Zoho has announced CloudSQL for using SQL to query data in Zoho hosted applications. This is a plus for developers who just need to take care with crafting queries.
The announcement outlines some of the advantages of Zoho CloudSQL:
1. It's the first technology that allows customers to interact with their data on the cloud, from another cloud application or from an on-premises one through real SQL.
2. It supports multiple SQL dialects. We support all the major (and even some not so major) ones: ANSI, Oracle, SQL Server, IBM DB2, MySQL, PostgreSQL and Informix.
3. With our JDBC/ODBC drivers, developers can access data in the cloud just as easily as if it were stored in a local database.
As you can imagine, developers can invoke SQL queries using an HTTP request like:
http://reports.zoho.com/api/demouser/StoreSales?ZOHO_ACTION=EXPORT&ZOHO_OUTPUT_FORMAT=CSV&ZOHO_ERROR_FORMAT=XML&ZOHO_API_KEY=hewfdrbgs&ticket=gsssds&ZOHO_API_VERSION=1.0
with a POST parameter like:
ZOHO_SQLQUERY=SELECT "Date", "Region", "Customer Name", "Sales" FROM "Sales" where year("Date") = 2008 AND Sales > 100
How applications build those strings and parse and cleanse user input can make a big difference in susceptibility to SQL injection attacks.
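The difference described above, as an added example that is not from the original post or from Zoho: the same ZOHO_SQLQUERY string built by plain concatenation and built from strictly typed, allow-listed values. The function names, the region allow-list and the extra "Region" filter are assumptions for illustration.

```python
from urllib.parse import urlencode

# Constructed allow-list (assumption); a real application would use its own values.
ALLOWED_REGIONS = {"East", "West", "Central"}

BASE = 'SELECT "Date", "Region", "Customer Name", "Sales" FROM "Sales" where '


def build_query_unsafe(year, min_sales):
    """Vulnerable: request values are pasted into the SQL text unchanged."""
    return BASE + 'year("Date") = ' + year + " AND Sales > " + min_sales


def strict_int(value, lo, hi):
    """Accept only ASCII digits within [lo, hi]; anything else is rejected."""
    text = str(value)
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"not a plain integer: {text!r}")
    number = int(text)
    if not lo <= number <= hi:
        raise ValueError(f"out of range: {number}")
    return number


def build_query_safe(year, min_sales, region=None):
    """Hardened: values become strict integers or allow-listed constants
    before they are placed in the SQL text, so input cannot add syntax."""
    sql = BASE + 'year("Date") = {} AND Sales > {}'.format(
        strict_int(year, 1900, 2100), strict_int(min_sales, 0, 10**9))
    if region is not None:
        # Hypothetical extra filter on the page's "Region" column.
        if region not in ALLOWED_REGIONS:
            raise ValueError(f"unknown region: {region!r}")
        sql += " AND \"Region\" = '{}'".format(region)
    return sql


def post_body(sql):
    """Form-encode the query as the ZOHO_SQLQUERY POST parameter."""
    return urlencode({"ZOHO_SQLQUERY": sql})


if __name__ == "__main__":
    hostile = "2008 OR 1=1"  # constructed input, not from the page
    print(build_query_unsafe(hostile, "100"))  # predicate is rewritten
    try:
        build_query_safe(hostile, "100")
    except ValueError as err:
        print("rejected:", err)
    print(post_body(build_query_safe("2008", "100", "East")))
```

Because the service accepts several SQL dialects, quote-escaping rules differ between them; converting to strict types and matching against an allow-list avoids depending on any one dialect's escaping.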



