  1. #1
    Join Date
    Nov 2005
    Location
    San Francisco, CA
    Posts
    506

    Unanswered: SQL Injection attack

    Hi,
    Hope everybody is fine. Well, today I want to know the smartest ways to prevent SQL injection attacks. It would be really helpful if anybody sheds light on it.
    Thanks!!
    Success is the ability to go from one failure to another with no loss of enthusiasm.
    - Sir Winston Churchill
    Joydeep

  2. #2
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    rudra,

    Do a search of the forum and of the web. The topic has been well-discussed.
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  3. #3
    Join Date
    Nov 2005
    Location
    San Francisco, CA
    Posts
    506
    Quote Originally Posted by blindman
    rudra,

    Do a search of the forum and of the web. The topic has been well-discussed.
    Thank You Batman.
    Yeah, I already got a lot of stuff in the DBForums archive.
    Thanks!!
    Last edited by rudra; 08-18-06 at 13:51.
    Success is the ability to go from one failure to another with no loss of enthusiasm.
    - Sir Winston Churchill
    Joydeep

  4. #4
    Join Date
    Feb 2004
    Location
    One Flump in One Place
    Posts
    14,912
    Not submitting a string to the database (use sprocs, command objects and parameter objects) and minimum user security are pretty nearly it. I think the big thing to remember is using sprocs is not enough - you need to oversee the application code too.

    Couple of links I have read recently:
    http://www.rockyh.net/AssemblyHijack...Hijacking.html
    http://www.sqlteam.com/forums/topic....=sql,injection


    HTH
    Testimonial:
    pootle flump
    ur codings are working excelent.

  5. #5
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Basically, do not use dynamic SQL that contains concatenated user input.
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  6. #6
    Join Date
    Nov 2005
    Location
    San Francisco, CA
    Posts
    506
    Pootie, that was just awesome man, that audio-visual one.... Thanks.... I mean thanks a ton.... a hug to you pootie
    Success is the ability to go from one failure to another with no loss of enthusiasm.
    - Sir Winston Churchill
    Joydeep

  7. #7
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Which part of him do you want to hug? His pootle, or his flump?
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  8. #8
    Join Date
    Nov 2005
    Location
    San Francisco, CA
    Posts
    506
    Quote Originally Posted by blindman
    Which part of him do you want to hug? His pootle, or his flump?
    First you tell me the way to distinguish the two...see the pic for help
    Attached thumbnail: images.jpg
    Success is the ability to go from one failure to another with no loss of enthusiasm.
    - Sir Winston Churchill
    Joydeep

  9. #9
    Join Date
    Feb 2004
    Location
    One Flump in One Place
    Posts
    14,912
    (((((((((Joydeep))))))))))))


    I like the Rocky one too. Couldn't get his other vids to work though....
    Testimonial:
    pootle flump
    ur codings are working excelent.
