August 6, 2008 at 2:40 am
How can i stop the sql injection any type of Virsion Like 2000,2004,2006
but i have 2000 so tell me how can i stop the sql injection in 2000.
August 7, 2008 at 4:31 am
SQL injection isn't actually a SQL Server vulnerability. Somewhere you have an application, most likely a web application that is using ad-hoc SQL statements to communicate with the database.
The fix is to change all database access to use stored procedures, to use parameterised calls to those procedures from your web front end and to only grant execute rights on those procedures to the web users. Do not grant any permissions on the base tables
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
August 7, 2008 at 5:41 am
Thanks i agree with you and if you have any other solution the please tell me i will very thankful to you
Ismail
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply