11 Mar 10

@@ERROR = 0 for Bill Graziano


Have you ever worked on a database that had no error handling, and then, when new people came on board to work on it, found it a fight to get them to understand what you needed? Maybe you had a hard time explaining the best way to handle the errors. Any chance you have a stored procedure template that has the error handling already built into it?

NEWSFLASH…

If you are just passing your raw errors straight back to an application, or even worse to a web page, you are putting your database in jeopardy. Think of it like this: when the engine's own error message is passed back to a web page, have you not just told the caller exactly what your database will not accept? And if they know what is not acceptable, can they not work out the reverse, what is acceptable? So could someone just sit there and try different inputs until they have a successful injection attack? That feedback loop is exactly what error-based SQL injection relies on: the engine's messages name tables, columns and data types, and they tell the attacker whether the fragment they injected parsed.

Maybe this is extreme, maybe it's not. But is it possible? Are you helping the attackers by not controlling what they do or do not see when an error is passed back?

Your SQL code needs error handling. This is only one of many reasons why, but either way it needs to be there. SQL Server has TRY and CATCH to help you handle errors, and Bill Graziano does a great job of showing not only how to use them but where their limitations are. There is also information on how to raise custom errors, so that people can tell when something is wrong with the data they have entered. Imagine an error that looks like this:

‘Each Person needs a First Name’

Rather than

‘Cannot insert NULL value’
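The pattern the paragraphs above describe, as an added example in T-SQL; this is not code from the post or from Bill Graziano's chapter. The table and procedure names (dbo.Person, dbo.ErrorLog, dbo.Person_Insert) are assumed for illustration. The procedure validates its input and raises the friendly message, wraps the real work in TRY/CATCH, keeps the engine's detailed error (object names, line numbers) in a server-side log, and hands the caller only a generic message plus a reference number. The comment at the top shows the older @@ERROR check the post's title refers to, for contrast.

```sql
-- Added example (not from the post or the Deep Dives chapter). Object names are assumed.
--
-- The pre-TRY/CATCH way the title alludes to: check @@ERROR after every statement.
-- It is easy to forget, and @@ERROR is reset by the very next statement executed:
--     INSERT INTO dbo.Person (FirstName, LastName) VALUES (@FirstName, @LastName);
--     IF @@ERROR <> 0 BEGIN /* handle it here, before anything else runs */ RETURN 1; END;

CREATE TABLE dbo.Person (
    PersonId   INT IDENTITY(1,1) PRIMARY KEY,
    FirstName  NVARCHAR(50) NOT NULL,
    LastName   NVARCHAR(50) NOT NULL
);
GO

-- Server-side error log. Only the DBA reads this; the application never sees it.
CREATE TABLE dbo.ErrorLog (
    ErrorLogId    INT IDENTITY(1,1) PRIMARY KEY,
    LoggedAt      DATETIME NOT NULL DEFAULT GETUTCDATE(),
    ProcName      NVARCHAR(128),
    ErrorNumber   INT,
    ErrorSeverity INT,
    ErrorState    INT,
    ErrorLine     INT,
    ErrorMessage  NVARCHAR(4000)
);
GO

CREATE PROCEDURE dbo.Person_Insert
    @FirstName NVARCHAR(50),
    @LastName  NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;

    -- 1. Validate first, and raise a business-level message the user can act on.
    --    Severity 16 is a user-correctable error; the caller gets this text and nothing else.
    IF @FirstName IS NULL OR LTRIM(RTRIM(@FirstName)) = N''
    BEGIN
        RAISERROR(N'Each Person needs a First Name', 16, 1);
        RETURN 1;
    END;
    IF @LastName IS NULL OR LTRIM(RTRIM(@LastName)) = N''
    BEGIN
        RAISERROR(N'Each Person needs a Last Name', 16, 1);
        RETURN 1;
    END;

    BEGIN TRY
        INSERT INTO dbo.Person (FirstName, LastName)
        VALUES (@FirstName, @LastName);
        RETURN 0;
    END TRY
    BEGIN CATCH
        -- 2. Keep the engine's detail on the server. ERROR_MESSAGE() is the text that
        --    would otherwise leak column and table names to the client.
        INSERT INTO dbo.ErrorLog
            (ProcName, ErrorNumber, ErrorSeverity, ErrorState, ErrorLine, ErrorMessage)
        VALUES
            (ERROR_PROCEDURE(), ERROR_NUMBER(), ERROR_SEVERITY(),
             ERROR_STATE(), ERROR_LINE(), ERROR_MESSAGE());

        -- 3. Give the caller a generic message plus a reference they can quote to support.
        DECLARE @LogId INT;
        SET @LogId = SCOPE_IDENTITY();
        RAISERROR(N'The person could not be saved. Reference: %d', 16, 1, @LogId);
        RETURN 1;
    END CATCH;
END;
GO

-- Usage. The first call succeeds. The second fails with the friendly message rather
-- than the engine's "Cannot insert the value NULL into column ..." text, and the
-- third (a duplicate primary key forced through an IDENTITY_INSERT) is logged
-- server-side and reported to the caller only as a reference number.
EXEC dbo.Person_Insert @FirstName = N'Ada', @LastName = N'Lovelace';
EXEC dbo.Person_Insert @FirstName = NULL,   @LastName = N'Lovelace';

SET IDENTITY_INSERT dbo.Person ON;
INSERT INTO dbo.Person (PersonId, FirstName, LastName) VALUES (2, N'Grace', N'Hopper');
SET IDENTITY_INSERT dbo.Person OFF;
EXEC dbo.Person_Insert @FirstName = N'Grace', @LastName = N'Hopper';  -- succeeds: IDENTITY continues after 2
SELECT ErrorLogId, ProcName, ErrorNumber, ErrorMessage FROM dbo.ErrorLog;
```

A caveat worth knowing before relying on this: TRY...CATCH does not catch everything. Compile-time errors in the same scope (for example a reference to a table that does not exist, which only surfaces at execution because of deferred name resolution), messages with severity 10 or lower, and severity 20 and higher errors that terminate the connection all bypass the CATCH block, so the calling code still needs a last line of defence that never echoes a raw exception to the user.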

The chapter wraps up with how to work with the errors on the client side. So if you are working somewhere that is not using error handling and is passing the errors along without any concern, maybe it is time to purchase the Deep Dives book and hand it to the people developing the code. What is the worst that could happen?


2 Responses to “@@ERROR = 0 for Bill Graziano”


1. March 11, 2010 at 1:48 pm

Thanks for the kind words! And that's a great title! I'm glad you noticed that my chapter had so many samples. That was intentional on my part. I always learn better when I can see the actual code.

2. March 11, 2010 at 3:01 pm

Hey Bill,

Honored that you would read it. I loved the chapter and I am floored by how many people just avoid using error handling all around.

Chris Shaw

