Brian Johnson @ 2003-06-13 22:50:00
Security is getting to be everyone's job at work. Today, this e-mail was sent out by content manager Matt Lusher to the publishing teams at MSDN.
"I was just fixing a security issue with sample code in a technical article today and realized it’s the second time in the past couple of weeks I’ve found such things in articles or standalone code samples. In both instances, the author demonstrated connecting to a SQL database using the sa login with no password. It seems that lots of people think it’s no big deal to do this in sample code, on the theory that the login is not integral to the point they’re making, and of course any real programmer knows not to do this in a production application. Well, as we know, our audience is not so universally hip to security issues, and tends to cut and paste code directly into their apps without thinking about it at all. Upshot: we need to be diligent about looking for security issues, as best we can identify them, when we review articles and code, and make sure we don’t allow MSDN to unwittingly advocate unsafe coding practices."
People here are serious about this stuff, and that's a very good thing. If you notice security issues in an MSDN article, please take a minute to hit that Contact Us link at the bottom of the page and let us know.