I just read that article, but I'm amazed thinking that there actually are programmers that execute a query in SA or Dbo user context. It's so easy to just secure your database using a SQL Server username/password and only allowing that user to execute SP, or custom select/insert/update functionalities. I understood that even before I knew which datatype I had to use in my tables (which I still don't :)

regards
remie bolte

----- Original Message -----
From: "Lonnie.Kraemer" <[EMAIL PROTECTED]>
To: "ActiveServerPages" <[EMAIL PROTECTED]>
Sent: Wednesday, November 06, 2002 6:27 PM
Subject: Re: SQL query

> ---------------------
> I guess because some of us are not familiar with the application of
> replace to accomplish this.
>
> <further_inquiry>
>
> Do you know where we could get some samples or documentation on this
> practice. I think we all want more efficient code.
>
> </further_inquiry>
> ---------------------
>
> Google for 'sql injection' for tons of info. Here's one:
> http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=2&tabid=3
>
> --
> Lonnie Kraemer
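The setup described in the reply above (a dedicated SQL Server login that may only execute stored procedures), as an added T-SQL example that is not part of the original thread. All object names (ShopDb, web_app, dbo.Customers, dbo.GetCustomerByEmail) are hypothetical, and the syntax assumes SQL Server 2005 or later.

```sql
-- Hypothetical names throughout: ShopDb, web_app, dbo.Customers, dbo.GetCustomerByEmail.
-- Syntax assumes SQL Server 2005 or later.
CREATE DATABASE ShopDb;
GO
-- A dedicated login for the web application: not sa, and not a member of db_owner.
CREATE LOGIN web_app WITH PASSWORD = '<placeholder: set a strong password>';
GO
USE ShopDb;
GO
CREATE USER web_app FOR LOGIN web_app;
CREATE TABLE dbo.Customers (
    CustomerId  int IDENTITY(1,1) PRIMARY KEY,
    Email       nvarchar(256) NOT NULL UNIQUE,
    DisplayName nvarchar(100) NOT NULL
);
GO
-- The application reads customers only through this procedure.
-- @Email is bound as a typed parameter; no SQL text is built from it.
CREATE PROCEDURE dbo.GetCustomerByEmail
    @Email nvarchar(256)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, DisplayName
    FROM dbo.Customers
    WHERE Email = @Email;
END;
GO
-- The only right the application account receives.
GRANT EXECUTE ON OBJECT::dbo.GetCustomerByEmail TO web_app;
-- Direct table access is denied outright. The procedure keeps working through
-- ownership chaining (both objects are owned by dbo); dynamic SQL inside a
-- procedure would break that chain and hit this DENY.
DENY SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Customers TO web_app;
GO
-- Check the effective permissions by impersonating the application user.
EXECUTE AS USER = 'web_app';
SELECT HAS_PERMS_BY_NAME('dbo.GetCustomerByEmail', 'OBJECT', 'EXECUTE') AS can_execute_proc,
       HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'SELECT') AS can_select_table;
EXEC dbo.GetCustomerByEmail @Email = N'alice@example.com';  -- constructed sample value
REVERT;
```

With this in place, an injected statement that reaches the server under the web_app account still cannot read or modify dbo.Customers directly, which is the difference from running the same query as sa or dbo.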
