SQL Injection!
Posted Tuesday, February 3, 2004 11:08 AM


Keeper of the Duck

If you really lock down master, then true, you've mitigated most of the rest. Most folks don't think to do this, unfortunately.

 



K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
Post #98551
Posted Tuesday, February 3, 2004 2:18 PM
SSC-Enthusiastic

Chris,

Excellent article!!! After reading your article, I checked w/ our Sr. System Developer to verify if we are using these techniques. We are looking in depth into other exploitations of SQL injections with our app.

Thanks,

Dave S.




Post #98579
Posted Wednesday, February 4, 2004 6:26 PM
SSCertifiable

Test post, trying to duplicate the null error.

Andy
Post #98774
Posted Wednesday, February 4, 2004 6:35 PM
SSCertifiable

Just posted a fix (hopefully) for the null issue. Sorry about that!

Andy
Post #98775