First of all, that you are concerned about security is a good thing. If more people took security seriously, we would likely have to spend less time on patching security issues, and have more time to produce better systems, but I digress there.

Reading your post, does (a) the BizTalk XML system produce the output and send it to the script(s), or (b) are they using that (possibly on a different system) and posting the results to your scripts? If the former, then one thing would be to ensure that the data is coming only from that system, not from anywhere else.

It sounds more like the case is the latter, though, in which case my feeling would be to perhaps have it act as a filter to check the data against some form of template to make sure all necessary fields exist, and that the data is of a type appropriate for each field (alphanumerics where expected, no alphabetics in numeric-only fields, or numerics in alphabetic-only fields, etc.) and reasonable.

Hopefully other, more experienced monks can provide you better or more detailed suggestions. In any case, good luck in your search for this knowledge.


In reply to Re: How to protect backend DB from hacks or accidents by atcroft
in thread How to protect backend DB from hacks or accidents by ajt
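
The template-style filter atcroft suggests above (check that every required field is present, that each value is of the expected kind, and that it is reasonable), written out as an added example in Perl. This is not code from atcroft's post or from ajt's system; the field names, the rules in %template, and the two sample records are constructed for illustration only. The idea is that validate_record runs on the decoded record before any of it is handed to a database statement, and that anything the template does not describe is rejected rather than passed through.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not from the original post. Field names and rules are
# assumptions chosen to illustrate the template idea.
my %template = (
    order_id => { required => 1, type => 'numeric',      max_len => 10 },
    customer => { required => 1, type => 'alphabetic',   max_len => 40 },
    sku      => { required => 1, type => 'alphanumeric', max_len => 20 },
    quantity => { required => 1, type => 'numeric',      max_len => 5,
                  min => 1, max => 10_000 },
    note     => { required => 0, type => 'alphanumeric', max_len => 200 },
);

# Anchored patterns: the whole value must match, not just part of it.
my %type_re = (
    numeric      => qr/\A[0-9]+\z/,
    alphabetic   => qr/\A[A-Za-z][A-Za-z ]*\z/,
    alphanumeric => qr/\A[A-Za-z0-9 ._-]+\z/,
);

# Returns a list of problems; an empty list means the record passed.
sub validate_record {
    my ($rec, $tmpl) = @_;
    my @errors;

    for my $field (sort keys %$tmpl) {
        my $rule  = $tmpl->{$field};
        my $value = $rec->{$field};

        # Presence check: required fields must exist and be non-empty.
        if (!defined $value || $value eq '') {
            push @errors, "missing required field '$field'" if $rule->{required};
            next;
        }
        # Length check before anything else looks at the content.
        if (length $value > $rule->{max_len}) {
            push @errors, "field '$field' exceeds $rule->{max_len} characters";
            next;
        }
        # Type check: alphabetics only, numerics only, or both, as the rule says.
        if ($value !~ $type_re{ $rule->{type} }) {
            push @errors, "field '$field' is not $rule->{type}";
            next;
        }
        # Reasonableness check for numeric fields with a declared range.
        if ($rule->{type} eq 'numeric') {
            push @errors, "field '$field' below minimum $rule->{min}"
                if defined $rule->{min} && $value < $rule->{min};
            push @errors, "field '$field' above maximum $rule->{max}"
                if defined $rule->{max} && $value > $rule->{max};
        }
    }

    # Fields the template does not know about are rejected, not ignored.
    for my $field (sort keys %$rec) {
        push @errors, "unexpected field '$field'" unless exists $tmpl->{$field};
    }
    return @errors;
}

# Constructed sample records (not real data): one clean, one with several faults.
my %good = (order_id => '1042',  customer => 'Acme Widgets', sku => 'WD-40', quantity => '3');
my %bad  = (order_id => '10-42', customer => '',             sku => 'WD-40', quantity => '0',
            debug    => '1');

for my $rec (\%good, \%bad) {
    my @problems = validate_record($rec, \%template);
    print @problems ? "REJECT: " . join('; ', @problems) . "\n" : "accept\n";
}
```

The filter deliberately fails closed: a record is accepted only when every rule passes and no unknown fields are present. Rejections are returned as a list rather than a single flag so the script can log exactly which check failed, which is what you want when you later try to tell an accident apart from an attack.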