Viewing 15 posts - 76 through 90 (of 140 total)
well this spells it out clearly:
http://www.akadia.com/services/sqlsrv_logins_and_users.html
I suppose if I restore the master first then the actual databases that might work.
April 28, 2004 at 2:01 pm
Thanks everyong, it looks like it was useing the alias that really made the difference. I have my proc working correctly using a table variable now.
As usual so many questions...
March 30, 2004 at 11:51 am
Ya well I'd love to, but since I can't do a "insert into" it won't work for my current solution.
In my dynamic sql version of this solution I use a...
March 30, 2004 at 10:28 am
Thanks for that Brian, chances are I will never have time to make that change on old apps, but I have added it to my methodology for new projects.
March 30, 2004 at 10:08 am
Hmm can't do a select into..that sounds familiar, and that probably explains why my code was throwing an error.
So is the scope of a temp table local to the procedure?...
March 30, 2004 at 2:50 am
Ok I'll try that in the morning. BTW is there any function difference between a temp table and a table variable? scope or otherwise.
March 30, 2004 at 12:21 am
Thanks for the article Steve. It left me wondering though.
As you say your metrics looked good except at certain peak times for certain timezones/geography. So what can one do to...
March 29, 2004 at 10:11 pm
Ya that failed to inject as well. Looks like I am reasonably secure the way I am doing things.
I do validate my forms both client side and server side, and...
March 29, 2004 at 4:02 pm
Sorry it wasn't clear. No I am not using dynamic sql.
I'll abstract it.
this works
============================
create table #temptable
( id int)
insert into #tempTable select uid from tableA where some condition
select thisField...
March 29, 2004 at 3:19 pm
Hmm I assumed that his notation was simply shorthand and that the web form was using parameter ado objects...I should reply to his thread.
It does sound like your saying with...
March 29, 2004 at 3:09 pm
lol well if nothing else his injection code was enough to stump the forum parser, I had to snip part of his code out to have it display correctly. The...
March 29, 2004 at 1:58 pm
Im not entirely sure about that simonsabin. That was my assumption but then I found this post on:
http://seclists.org/lists/pen-test/2001/Mar/0105.html
Here is the relevent section that challenged my assumptions:
> So, i...
March 29, 2004 at 1:54 pm
I'll be migrating to a new server soon, and I have spent a greate deal of time thinking about my availability,monitoring,recovery, and security plan. I will try to find...
March 26, 2004 at 10:39 am
Thanks I was mostly concerned with beefing up my sql injection defense. My current sites are exclusivly on stored procedures, no dynamic sql from asp at all.
I check the parameters...
March 26, 2004 at 9:56 am
Thanks antares, these archive tables are created on the fly by client activity so there's no way for me to branch in a proc.
I think I have decided to correct...
March 25, 2004 at 6:13 pm
Viewing 15 posts - 76 through 90 (of 140 total)