October 09, 2004

Colin Angus Mackay's "SQL Injection Attacks"

A must-read for web developers everywhere. Although Colin’s article specifically handles SQL injection attacks for the ASP.NET environment, his advice can be applied to any data-driven web application. Let us be secure from intrusion.

Every day I see messages on various forums asking for help with SQL. Nothing wrong with that. People want to understand how something works, or have a partial understanding but something is keeping them from completing their task. However, I frequently also see messages that have SQL statements being built in C# or VB.NET that are extremely susceptible to injection attack. Sometimes it is from the original poster and, while they really need to learn to defend their systems, that is fine as they are trying to learn. Nevertheless there is also a proportion of people responding to these questions that give advice that opens up gaping security holes in the original poster’s system, if they follow that advice.

[ Full Story @ Stuff that’s in my head ]

Source: Stuff that’s in my head © 2004 Colin Angus Mackay

Posted by akvalley at October 9, 2004 01:06 PM