SQL injection is probably the best reason, apart from execution speed in some cases, to use stored procedures instead of dynamic SQL queries. Ill-intentioned users can include character literals in their input that, once concatenated into the statement, comment out part of the query being executed. Scott Gu has a tip on ways of preventing it (via Miguel de Icaza). It is specific to .Net, but it can easily be extended to any other language/platform.
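As an added illustration (not code from the original post or from the tip it links to), here is the concatenation flaw described above beside its parameterised replacement, using Python's sqlite3 module; the table, the account and the crafted input are constructed for the example.

```python
import re
import sqlite3

# Constructed sample data for the example: one user table with one account.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn

def login_unsafe(conn, name, password):
    """Dynamic SQL built by string concatenation: the input becomes part of the
    statement text, so quotes and comment markers are parsed as SQL."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]

def login_safe(conn, name, password):
    """Parameterised statement: the driver passes values separately from the
    statement, so the same characters stay data and never reach the SQL parser."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]

# Allow-list for usernames (an assumed policy for this example): letters,
# digits and underscore only. Anything else is rejected before any query runs.
_USERNAME_ALLOWED = re.compile(r"[A-Za-z0-9_]{1,32}")

def username_allowed(name):
    return _USERNAME_ALLOWED.fullmatch(name) is not None

def login_validated(conn, name, password):
    """Allow-list validation in front of the parameterised query (defence in depth)."""
    if not username_allowed(name):
        return []
    return login_safe(conn, name, password)

if __name__ == "__main__":
    conn = make_db()
    # A closing quote ends the literal and "--" comments out the password check.
    crafted = "admin'--"
    print(login_unsafe(conn, crafted, "wrong"))  # ['admin']: password check bypassed
    print(login_safe(conn, crafted, "wrong"))    # []: the whole string is just a name
```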


November 23rd, 2006 at 12:54 pm
[...] Brian Sullivan points out that code injection need not always be through SQL. Though SQL injection is popular, malicious code can be injected through user input during any data retrieval, including for XML and LDAP. He discusses some techniques for protecting against the injection, with the common principle of validating every single input from the user. Having a whitelist instead of a blacklist can help, as usually you know the allowed parameters, while the set of invalid parameters can be infinite. A good article. [...]
February 3rd, 2007 at 8:52 am
[...] technique is conceptually very obviously similar to other injection techniques, like SQL Injection, where the user can provide (inject) malicious input which is not correctly handled by the [...]
May 9th, 2007 at 11:11 pm
[...] in a very clear and detailed manner, explains the various ways of preventing SQL Injection. SQL Injection is one of the biggest security worries. If not handled properly you can leave your entire [...]