January 14, 2010 at 10:55 pm
Hi All,
Please tell me what is meant by SQL injection in simple words, as I do not clearly understand it from MSDN.
Regards,
Shivrudra W
January 14, 2010 at 11:09 pm
SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.
January 14, 2010 at 11:29 pm
Then how can we avoid SQL injection?
January 15, 2010 at 5:02 am
Avoid using Dynamic SQL embedded in the User Interface and Stored Procedures.
http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx
http://aspalliance.com/385_Using_SQL_Server_Stored_Procedures_To_Prevent_SQL_Injection
http://www.wwwcoder.com/Directory/tabid/68/type/art/site/2966/parentid/258/Default.aspx
http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf
For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
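As an added illustration of the two replies above (this is constructed example code, not from this thread or from the linked articles), here is what "dynamic SQL" means in a stored procedure and how sp_executesql fixes it. The table dbo.Users and its columns are assumed.

```sql
-- Constructed example. Assumes a table dbo.Users(UserName nvarchar(50), Email nvarchar(200)).

-- Vulnerable: the caller's value is pasted into the statement text, so any quote
-- or comment characters in @UserName change the statement itself, not just the value.
CREATE PROCEDURE dbo.GetUserByName_Unsafe @UserName nvarchar(50)
AS
BEGIN
    DECLARE @sql nvarchar(max);
    SET @sql = N'SELECT UserName, Email FROM dbo.Users WHERE UserName = '''
             + @UserName + N'''';
    EXEC (@sql);   -- executes whatever text @UserName turned the statement into
END;
GO

-- Hardened: the statement text is fixed and the value travels separately as a
-- typed parameter, so SQL Server only ever compares it as data.
CREATE PROCEDURE dbo.GetUserByName_Safe @UserName nvarchar(50)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT UserName, Email FROM dbo.Users WHERE UserName = @p';
    EXEC sys.sp_executesql @sql, N'@p nvarchar(50)', @p = @UserName;
END;
GO

-- Best: for a query like this no dynamic SQL is needed at all. Plain static T-SQL
-- with a procedure parameter is parameterized by definition.
CREATE PROCEDURE dbo.GetUserByName @UserName nvarchar(50)
AS
    SELECT UserName, Email FROM dbo.Users WHERE UserName = @UserName;
GO

-- Check: a name containing a single quote is handled as data by the safe versions
-- (the unsafe version raises a syntax error or worse on the same input).
EXEC dbo.GetUserByName_Safe @UserName = N'O''Brien';
EXEC dbo.GetUserByName      @UserName = N'O''Brien';
```

When dynamic SQL is unavoidable (for example a table name chosen at runtime), validate that piece against a whitelist or wrap it with QUOTENAME, and still pass all data values through sp_executesql parameters.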