
Articles with tag sql injection


   Items 1 to 13 of 13   
 

Elevation of Privileges

The elevation of privileges is a large security problem and Steve Jones discusses his fears. Would you know if someone successfully attacked your instance?
By Steve Jones 2014/07/30 | Source: SQLServerCentral.com | Category: editorial
Rating: (not yet rated) | 109 reads

SQL Injection: How it Works and How to Thwart it

This is an extract from the book Tribal SQL. In this article, Kevin Feasel explains SQL injection attacks, how to defend against them, and how to keep your Chief Information Security Officer from appearing on the nightly news.
By Additional Articles 2014/05/13 | Source: SimpleTalk | Category: sql injection
5,500 reads

Review Your Code

Steve Jones notes that SQL Injection is still a problem, and while it might be for some time to come, we should not be adding to the issues. Learn how to write secure code.
By Steve Jones 2013/08/12 | Source: SQLServerCentral.com | Category: editorial
Rating: (not yet rated) | 320 reads

Stored Procedures and SQL Injection

Why do stored procedures help with security? In this piece, MVP Brian Kelley explains why SQL Injection and information gathering are hampered with stored procedures.
By Brian Kelley 2013/02/18 | Source: SQLServerCentral.com | Category: security
11,637 reads

Use Dynamic SQL to Improve Query Performance

This article by Jonathan Roberts demonstrates how to use dynamic SQL and overcome its downsides.
By Jonathan Roberts 2012/02/17 (first published: 2010/05/20) | Source: SQLServerCentral.com | Category: dynamic sql
26,422 reads

Why Use the Principle of Least Privilege?

SQL Injection isn't special code. It consists of regular, valid T-SQL that is unexpected by the application. Steve Jones notes that using the principle of least privilege can help to limit the damage from SQL Injection if the application fails to properly check input.
By Steve Jones 2011/04/12 | Source: SQLServerCentral.com | Category: editorial
Rating: (not yet rated) | 230 reads

SQL Injection Everywhere

Steve Jones talks about the possibility of SQL Injection, or other security issues from malformed input, affecting our lives in new and annoying ways.
By Steve Jones 2011/04/11 | Source: SQLServerCentral.com | Category: editorial
527 reads

Use Dynamic SQL to Improve Query Performance

This article by Jonathan Roberts demonstrates how to use dynamic SQL and overcome its downsides.
By Jonathan Roberts 2012/02/17 (first published: 2010/05/20) | Source: SQLServerCentral.com | Category: dynamic sql
26,422 reads

No One is Safe

A funny example of SQL Injection has Steve Jones reminding us that every application needs to protect itself.
By Steve Jones 2010/04/20 | Source: SQLServerCentral.com | Category: editorial
349 reads

Database Activity Monitoring Part 2 - SQL Injection Attacks

If you think through the web sites you visit on a daily basis, the chances are that you will need to log in to verify who you are. In most cases your username would be stored in a relational database along with all the other registered users on that web site. Hopefully your password will be encrypted and not stored in plain text.
By Additional Articles 2010/03/10 | Source: Other | Category: security
3,497 reads

SQL Injection - Why I Don't Think Parameterization is Enough

One of the main defenses touted against SQL injection attacks is to use proper parameterization at the application layer. But while this gets most of the cases, there are clearly examples where this alone fails. For instance, consider the stored procedure...
By Brian Kelley 2009/05/20 | Source: SQLServerCentral.com | Category: blogs
Rating: (not yet rated) | 3,238 reads

An Extra Defense For SQL Injection Attacks

TDSe-cure is a proxy service to SQL Server to block SQL injection attacks.
By Edward Elliott 2009/01/07 | Source: SQLServerCentral.com | Category: sql injection
2,944 reads

Recover from a SQL Injection Attack on SQL Server

Lately it seems like SQL Injection attacks have been increasing. Recently our team has worked through resolving a few different SQL Injection attacks across a variety of web sites. Each of these attacks had a number of similarities which proved to point back to the same source. With this information in hand, the resolution should be much quicker. As such, if your web site is attacked with SQL Injection, how should you address it? How can the identification, analysis, recovery and resolution be streamlined? What are some lessons learned?
By Additional Articles 2008/08/22 | Source: SQLServerCentral.com | Category: security
Rating: (not yet rated) | 3,785 reads