LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

In a SQL database application, what are the two types of interfaces that need protection?

Two: the application-specific interface (user → application) and the general SQL interface (application → database) — and each needs a different defence.

User and Database with the Application between them, separated by two interface bands: an app-specific interface (validate business data) and a general SQL interface (parameterize queries).

* Two interfaces, two defences — the app-specific interface validates business data; the general SQL interface is where you parameterize queries. *

The point of separating them is that one tool doesn't cover both. User input is validated against business rules at the first interface; but even validated data can still be dangerous at the SQL interface, so there you switch tools entirely to parameterized queries — which keep data and SQL code in separate channels so input can't become a command:

Interface breakdown:

Interface From To Protection Needed
Application-specific User Application Input validation for user data
SQL Interface Application Database Parameterized queries, SQL escaping

SQL Subset example:

  • Application accepts user data
  • Converts to SQL-Subset language
  • SQL-Subset passed to database
  • Database interprets SQL

Risk: If user data is concatenated directly into SQL without proper handling, SQL injection occurs.

From Quiz: SPRG / Security Review | Updated: Jul 14, 2026