0

I've been in security for a while now but I'm relatively new to privacy. I've been studying differential privacy and its application to databases. However I'm still a little confused about where security and privacy intersects. Security of a database involves protecting the confidentiality, integrity, and availability of the data stored within the database. However, privacy would just preserve confidentiality.

With that in mind, would a differentially private SQL database be relatively more secure from an SQL injection?

Improve this question

    1 Answer 1

    Reset to default
    2

    The problem with SQL injection is not how the data are stored in the database but that

    1. statements in the query language are code and data combined into a string
    2. these statements are often constructed by manually combining strings of code with strings of untrusted data
    3. improper validation of the untrusted data leads to interpretation of these data as code, thus causing code-injection by an attacker

    None of this is solved with using differential privacy.

    It is instead solved by properly separating code from data. This can be done with parameter binding instead of manually combining code and (untrusted) data into a SQL statement string. See here for more information on this topic.

    Improve this answer

      You must log in to answer this question.

      Start asking to get answers

      Find the answer to your question by asking.

      Ask question

      Explore related questions

      See similar questions with these tags.