Skip to main content
Article
SQL Injection - Threats to Medical Systems: The Issues and Countermeasures
ECU Publications Pre. 2011
  • Craig Valli, Edith Cowan University
Publication Date
1-1-2006
Document Type
Conference Proceeding
Publisher
CSREA Press, U.S.A.
Faculty
Computing, Health and Science
School
Computer and Information Science, Centre for Security Research
RAS ID
5000
Comments
This article was originally published as: Valli, C. (2006). SQL Injection - Threats to Medical Systems: The Issues and Countermeasures. Proceedings of World Congress in Computer Science, Computer Engineering, and Applied Computing. (pp. 421-425). Las Vegas, Nevada. CSREA Press, U.S.A. Original article available here
Abstract
A vast majority of medical information systems use Standard Query Language databases (SQL) as the underlying technology to deliver medical records in a timely and efficient manner. SQL is a standardised and well entrenched database technology, which allows for the development of robust, customised applications for information management. In recent years, SQL has been used as the back-end to many successful web client accessible applications. The use of SQL in this manner has been greatly enhanced through the development of server side scripting languages such as Microsoft ASP and open source systems such as PHP. These allow for the representation and extraction of data from a database and have a range of manipulation and display possibilities allowing a developer a rich tapestry of options. However, these scripting languages have enabled the ability for malicious users to directly modify, manipulate or destroy SQL databases. In addition to those server side scripting language problems there is also malicious software in the form of worms specifically targeting SQL databases.
Disciplines
Citation Information
Craig Valli. "SQL Injection - Threats to Medical Systems: The Issues and Countermeasures" (2006)
Available at: http://works.bepress.com/craig_valli/83/