SitePoint Sponsor

User Tag List

Results 1 to 25 of 44

Threaded View

  1. #1
    The doctor is in... silver trophy MarcusJT's Avatar
    Join Date
    Jan 2002
    Location
    London
    Posts
    3,509
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation Secure your SQL queries!!!

    I thought I'd better make sure that everyone is aware of a particular class of security vulnerabilities called malicious SQL code injections. While there are many other security vulnerabilities, these are particularly dangerous - left unchecked, a malicious user could access or otherwise manipulate any data in the SQL Server, as well as execute DOS commands, etc.

    These vulnerabilities are nothing new, but security is usually the least of most developers' worries, and some developers may not even have considered this angle.

    If you are not already familiar with this topic, it is imperative that you read up pronto - you could be unwittingly putting all of your live DB data at risk, and possibly the server itself too!

    Please note that although most exploits using this technique target MS SQL Server, some can be applied to Access (and other DBs) too, so you're not necessarily invincible just because you've got a small site running off Access....!

    Here's a few sites to start you off (!):
    http://www.google.com/search?q=SQL+injection

    Hot off the presses - four rules for SQL Injection protection:
    http://msdn.microsoft.com/en-us/libr...SQL.80%29.aspx



    M@rco
    Last edited by TechnoBear; Jan 14, 2013 at 06:32. Reason: Updated MS link


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •