SQL Injection!
Posted Tuesday, February 03, 2004 11:08 AM



If you really lock down master, then true, you've mitigated most of the rest. Most folks don't think to do this, unfortunately.

 



K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
Post #98551
Posted Tuesday, February 03, 2004 2:18 PM

Chris,

Excellent article!!!  After reading your article, I checked w/ our Sr. System Developer to verify if we are using these techniques.  We are looking in depth to other exploitations of SQL injections with our app.

Thanks,

Dave S.




Post #98579
Posted Wednesday, February 04, 2004 6:26 PM
Test post, trying to duplicate the null error.

Andy
Post #98774
Posted Wednesday, February 04, 2004 6:35 PM
Just posted a fix (hopefully) for the null issue. Sorry about that!

Andy
Post #98775