Yes, but they are using SQL on the SQL server. What this is doing for you is
denying direct table access for your application's user.
In addition to this, another thing that you want to make sure of is that you
do not use the same account that you create the Stored Procedures, Views and
DB Components with to access the SP's. Create two accounts for these actions. The
first account is the one that you log into the server with and create your
SP's, Views, etc. Make sure that the second account has access to execute
the SP's and nothing else. That way you have an account that cannot query
tables directly or add or update any data outside the confines of the SP.
That way, hackers will not be able to perform any operations on the
database other than those they could using the application itself.

HTH,

Bruce
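
The two-account setup described in the reply above, sketched as an added example that is not part of the original thread. It assumes Microsoft SQL Server (T-SQL); the database, table, procedure and account names are hypothetical, and the password is a placeholder.

```sql
-- Assumed names (not from the thread): AppDb, dbo.Customers,
-- dbo.GetCustomerByEmail, app_runtime.
-- Run everything below as the first (owner/deployment) account.
USE AppDb;
GO

CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    Email      NVARCHAR(256) NOT NULL,
    FullName   NVARCHAR(200) NOT NULL
);
GO

-- Static statement: @Email is bound as a value and never parsed as SQL.
-- Building the query as a string and running it with EXEC would bring the
-- injection risk back, and ownership chaining does not cover dynamic SQL.
CREATE PROCEDURE dbo.GetCustomerByEmail
    @Email NVARCHAR(256)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, Email, FullName
    FROM dbo.Customers
    WHERE Email = @Email;
END;
GO

-- Second account: the only one the application connects with.
CREATE LOGIN app_runtime WITH PASSWORD = '<placeholder-strong-password>';
CREATE USER app_runtime FOR LOGIN app_runtime;
GO

-- Its single permission. No grant on dbo.Customers is needed because the
-- procedure and the table share an owner (ownership chaining).
GRANT EXECUTE ON OBJECT::dbo.GetCustomerByEmail TO app_runtime;
GO

-- Audit what the runtime account effectively holds.
EXECUTE AS USER = 'app_runtime';
SELECT
    HAS_PERMS_BY_NAME('dbo.GetCustomerByEmail', 'OBJECT', 'EXECUTE') AS can_execute_proc,
    HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'SELECT') AS can_select_table,
    HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'INSERT') AS can_insert_table,
    HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'UPDATE') AS can_update_table,
    HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'DELETE') AS can_delete_table;
REVERT;
GO
```

Any table-level column that comes back nonzero means the runtime account holds more than execute rights, usually through a role membership or an inherited grant.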

----- Original Message ----- 
From: "derek bumpas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 29, 2003 10:20 AM
Subject: RE: SQL Injection


> I've considered this. I am not sure how Stored Procs handle the
> parameters.  Aren't Stored Procs still using SQL statements in the end?
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Bruce Sorge
> Sent: Thursday, May 29, 2003 10:11 AM
> To: [EMAIL PROTECTED]
> Subject: Re: SQL Injection
>
>
> How about using only Stored Procedures?
> ----- Original Message ----- 
> From: "derek bumpas" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, May 29, 2003 10:02 AM
> Subject: SQL Injection
>
>
> >
> > Hi all,
> >
> > I would like to know how most of you are protecting against malicious
> > users and checking for various attacks.  I am most interested in
> > protecting against SQL Injection.  Most of the examples and code
> > snippets that I have seen on both Macromedia and other sites don't
> > seem to have ANY protection against this type of attack.
> >
> > The CFQUERYPARAM tag can help if used correctly, but what are some
> > other techniques being used?
> >
> > Thanks,
> > derek
> >
> > -----------------------------------------------
> > To post, send email to [EMAIL PROTECTED]
> > To unsubscribe:
> >    Send UNSUBSCRIBE to [EMAIL PROTECTED]
> > To subscribe / unsubscribe: http://www.dfwcfug.org
> >
> >