Relational databases and SQL Malware: How to defend against it?

[Amaroq_Starwind]

Pertaining to relational databases and SQL-based malware, how would you hypothetically detect and defend against it? And how does malware directly targeting databases even work?

I'm asking because I intend to develop software for relational databases, and I'd like security to be one of my first priorities. But I don't want to charge in blind if I can avoid it!

 

[David H. Lipman]

• Data exfiltration
• Database security
• Security Issues in the Database Language SQL

 

 

 

[Amaroq_Starwind]

Thanks for the resources, I'll check them out.

[Amaroq_Starwind]

For those curious, I'm heavily inspired by a piece of Microsoft software (which was abandoned mid-development) called WinFS, short for Windows FutureStorage. It aimed to add an SQL-based relational database on top of the computer's filesystem, integrated directly into the operating system and being used by various applications to handle the organization of files, records and metadata.

One of my goals is to create something similar, actually bring it to fruition, and, as stated before... make sure it's as stable and secure as possible. Preferably while maintaining a small footprint~

If you're curious, it is actually possible to get a copy of a beta build of WinFS from various archival websites, including its SDK. I intend to start from scratch, however. I'll keep you guys updated on my progress later on down the road.