• Intel
  • Microsoft
  • Google
  • Sun Microsystems
  • BT
  • IBM
  • Yahoo! Inc.
  • Zimbra
  • Atlassian Software Systems
  • Disney
  • EnterpriseDB
  • Etelos
  • Ingres
  • JasperSoft
  • Kablink
  • Linagora
  • MindTouch
  • Mozilla Corporation
  • Novell, Inc.
  • Open Invention Network
  • OpSource
  • RightScale
  • Silicon Mechanics
  • Tenth Planet
  • Ticketmaster
  • Voiceroute
  • White Oak Technologies, Inc.
  • XAware
  • ZDNet

Sponsorship Opportunities

For information on exhibition and sponsorship opportunities at the conference, contact Sharon Cordesse at scordesse@oreilly.com.

Media Partner Opportunities

Download the Media & Promotional Partner Brochure (PDF) for more information on trade opportunities with O'Reilly conferences, or contact mediapartners@oreilly.com.

Press and Media

For media-related inquiries, contact Maureen Jennings at maureen@oreilly.com.

OSCON Newsletter

To stay abreast of conference news and to receive email notification when registration opens, please sign up for the OSCON newsletter (login required).

Contact Us

View a complete list of OSCON 2008 Contacts

Lock Up Your Data

Location: D133 Level: Novice
Average rating: ****.
(4.09, 11 ratings)

Far too many web database application designers rely entirely on “permiter defense” for 100% of their data security. But with increasingly complex applications and increasingly sophisticated attackers, it’s no longer adequate (if it ever was) to only use web server and simple middleware tools to lock up your data; you need full-stack security, down to the database level.

Database guru Josh Berkus will briefly go over some basic techniques for integrated data security for RDBMS-based web applications, including:

  • Stopping SQL Injection
  • Using SQL data abstraction for security
  • How database permissions work
  • After an attack: data auditing

While examples will be based on PHP & PostgreSQL, they should be applicable to other platforms.

Photo of Josh Berkus

Josh Berkus

PostgreSQL Experts, Inc.

Josh Berkus is primarily known as one of the Core Team of the world-spanning open source database project PostgreSQL. He has been
involved with various open source projects since 1998, including SPI, OpenOffice.org, LedgerSMB, Bricolage and OpenBRR and is on the selection committee for OSCON, Sun Microsystems employs Josh in its Database Technolgy Group as the strategic lead for
Sun’s PostgreSQL for Solaris product offering. He also makes pottery.

OSCON 2008