-----------------------------------------------------------

New Message on BDOTNET

-----------------------------------------------------------
From: ajilantony
Message 6 in Discussion


Thanks, mate.
 
cheers,
Ajil Antony.
 

  ----- Original Message -----
  From: BDOTNET
  To: BDOTNET
  Sent: Thursday, December 11, 2003 12:27 PM
  Subject: Re: SQL Injection Vulnerability
  

  
    
      
  Message 3 in Discussion
  From: _SQL_Vinod_

  There is no simple response for this. There are tons of practices that help
  you avoid SQL injection. Papers on this topic are:

  http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
  http://www.ngssoftware.com/papers/advanced_sql_injection.pdf

  There are many more around in the market. At least half of the sites I've
  seen have been vulnerable to some form of SQL injection; I think it's
  important that people fully understand the issues.

  The paper contains information on a variety of attacks, including
  second-order SQL injection, automation scripts and audit evasion. It also
  discusses input validation and (briefly) secure builds. The intention is to
  raise awareness of the rich variety of SQL injection attacks, in order to
  encourage people to fix these issues in their applications.

  And the example from Rosh is just a form of injection. But it is not the
  ONLY form of injection ... :) ...

  HTH,
  Vinod Kumar
  MVP - SQL Server
  www.ExtremeExperts.com