The Global Hebrew Virtual Group is an online gathering place for Data Platform experts and users to hold discussions in Hebrew.

Meeting Details

Advanced Dynamic Search Queries and How to Protect Them, by Eitan Blumin (15:00 Israel time)

Tue, Apr 30 2019 12:00 UTC

Advanced Dynamic Search Queries and How to Protect Them

No, it’s not yet another presentation about SQL injection. We all know how to protect against SQL injections already. But that’s only relevant when you know in advance which columns can be queried by the user and using what kind of operators (“equals”, “like”, “between”, etc.). Instead, what I really want to talk about is when you actually don’t know in advance which parameters to expect, you don’t know in advance the chosen operator to use for each parameter, and you actually want to give the user truly full, unlimited control over search criteria. We’ll discuss different methods of achieving advanced scenarios, the pros and cons of each, and most importantly: how do you do it without fear of malicious attacks?

Eitan Blumin

Eitan Blumin is a SQL Server Database Expert with more than 13 years of experience in all fields relating to Microsoft SQL Server databases. He currently works as a senior SQL Server Consultant at Madeira Data Solutions. Other than his day-to-day consultant work, he also writes professional materials for the SQL Server community, delivers professional presentations and courses, and serves as a pivotal source of expert knowledge for the Madeira team.