----------------------------------------------------------- New Message on BDOTNET
-----------------------------------------------------------
From: _SQL_Vinod_
Message 3 in Discussion

There is no simple response for this. There are tons of practices that help you avoid SQL injection. Papers on this topic are:

http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
http://www.ngssoftware.com/papers/advanced_sql_injection.pdf

There are many more around in the market.

At least half of the sites I've seen have been vulnerable to some form of SQL injection; I think it's important that people fully understand the issues. The paper contains information on a variety of attacks, including second-order SQL injection, automation scripts and audit evasion. It also discusses input validation and (briefly) secure builds. The intention is to raise awareness of the rich variety of SQL injection attacks, in order to encourage people to fix these issues in their applications.

And the example from Rosh is just a form of injection. But it is not the ONLY form of injection ... :) ...

HTH,
Vinod Kumar
MVP - SQL Server
www.ExtremeExperts.com
