Author - Bill Karwin

News Flash: SQL Injection Still a Problem

The threat of SQL injection has appeared prominently in the news recently:

An SQL injection vulnerability resulted in an urgent June bugfix release of Ruby on Rails 3.x.  Make sure you upgrade if you use Rails 3.0, 3.1, or 3.2!  You should also disable mass assignment in any Rails project.
Yahoo! Voices was hacked in July.  The attack […]

Eventual Consistency in MySQL

We’re told that foreign key constraints are the best way to enforce logical referential integrity (RI) in SQL, preventing rows from becoming orphaned.  But then we learn that the enforcement of foreign keys incurs a significant performance overhead.1,2
MySQL allows us to set FOREIGN_KEY_CHECKS=0 to disable enforcement of RI when the overhead is too high.  But […]
