Unfamiliar territory

As a security analyst, engineer, or CISO, there are so many aspects of the field that require immediate attention that one cannot possibly know everything.  Some of the common areas of security knowledge include topics such as where to place a firewall, configuration and patch management, physical and logical security, and legal and regulatory concerns. 

However, learning about an unfamiliar topic can not only serve to enhance your awareness, giving you another tool towards better protecting your organization, but it can also keep the job fresh and interesting. In an effort to fulfill this goal, let’s examine a topic that is often overlooked in InfoSec study guides: Stored Procedures.

A Crash Course

Structured Query Language (SQL) is found in almost every organization. It’s been around for years and will be around for decades to come. It’s the indigenous language of the resident database and the most effective way to define and manipulate relational data within it.

A stored procedure is a subprogram/routine available to applications that access a relational Database Management System (DBMS). You may also see references to stored procedures under the following abbreviations: proc, storp, sproc, StoPro, StoredProc, StoreProc, sp, or SP. 

Server stored procedures are used to group one or more Transact-SQL statements into logical units. The stored procedures are then stored as named objects in the SQL Server Database Server. A major advantage of stored procedures is that they can run directly within the database engine. These procedures are typically stored in the database data dictionary.

The Why and How

There are definite advantages to using stored procedures. First and foremost, they are the most efficient way to communicate with a database. They are also a great way to build robust services with unrivaled performance, adding a whole new level (Read more...)