October 09, 2004

Stop SQL Injection Attacks Before They Stop You

Official advice from the source — ASP.NET developers take heed.

Armed with advanced server-side technologies like ASP.NET and powerful database servers such as Microsoft® SQL Server™, developers are able to create dynamic, data-driven Web sites with incredible ease. But the power of ASP.NET and SQL can easily be used against you by hackers mounting an all-too-common class of attack—the SQL injection attack. The basic idea behind a SQL injection attack is this: you create a Web page that allows the user to enter text into a textbox that will be used to execute a query against a database. A hacker enters a malformed SQL statement into the textbox that changes the nature of the query so that it can be used to break into, alter, or damage the back-end database.

[ Full Story @ MSDN Magazine Sept 2004 ]

Source: MSDN Magazine Sept 2004 © 2004 Microsoft

Related websites (not necessarily endorsed by In The Faith):
MSDN

Posted by akvalley at October 9, 2004 02:07 PM | TrackBack
Comments
Post a comment









On-topic comments, complaints, and criticisms are welcome, but off-topic or inappropriate comments will be deleted without notice to the commentor. If you include your URL below it will be linked (and subsequently indexed by Google and the like...possibly).

Since ALL of the message text is displayed online, please maintain your personal privacy by not posting personal information.

Remember personal info?






Please enter the code as seen in the image above to post your comment.