Friday, May 05, 2006

Review of The Database Hacker's Handbook Posted

just posted my four star review of The Database Hacker's Handbook by NGS Software members David Litchfield, Chris Anley, John Heasman, and Bill Grindlay. From the review:

The Database Hacker's Handbook (TDHH) is unique for two reasons. First, it is written by experts who spend their lives breaking database systems. Their depth of knowledge is unparalleled. Second, TDHH addresses security for Oracle, IBM DB2, IBM Informix, Sybase ASE, MySQL, Microsoft SQL Server, and PostgreSQL. No other database security book discusses as many products. For this reason, TDHH merits four stars. If a second edition of the book addresses some of my later suggestions, five stars should be easy to achieve.


David Litchfield said...

Hi Richard,
Firstly, thanks for reading TDHH and writing the review, which has come at a most prescient time as I begin the groundwork for the Oracle Hacker's Handbook. Taking on board some of your comments, it makes sense to move the code online though it could be argued its presence in the book will help elucidate some of the points being made if you're reading on the beach... On balance, however, I think the code is better off being moved out of the book.

As far as the short chapters go it's probably because there wasn't much to say on that particular issue ;)

Implementing Database Security and Auditing by Ron Ben Natan is most definitely a great companion to TDHH - I have read it and commend it highly.

In conclusion ;), thanks again for taking the time to write the review and with TOHH I'll aim for the 5 stars.
David Litchfield

Anonymous said...

I already had both books so your review (obviously) wasn't a purchasing factor. I think that your review is really on target with respect to both books. Now, I'll have to wait for "Database Security .." by Afyouni and see how it compares.

Richard Bejtlich said...


Nice to hear from you! I and many others look forward to your next books.

Thank you for your work.