SQL Injection isn't special code. It consists of regular, valid T-SQL that is unexpected by the application. Steve Jones notes that using the principle of least privilege can help to limit the damage from SQL Injection if the application fails to properly check input.
2015-12-28 (first published: 2011-04-12)
471 reads
Steve Jones talks about the possibility of SQL Injection, or other security issues from malformed input, affecting our lives in new and annoying ways.
2011-04-11
562 reads
This article by Jonathan Roberts demonstrates how to use dynamic SQL and overcome its downsides.
2012-02-17 (first published: 2010-05-20)
30,329 reads
A funny example of SQL Injection has Steve Jones reminding us that every application needs to protect itself.
2010-04-20
358 reads
If you think through the web sites you visit on a daily basis the chances are that you will need to login to verify who you are. In most cases your username would be stored in a relational database along with all the other registered users on that web site. Hopefully your password will be encrypted and not stored in plain text.
2010-03-10
3,893 reads
One of the main defenses touted against SQL injection attacks is to use proper parameterization at the application layer. But while this gets most of the cases, there are clearly examples where this alone fails. For instance, consider the stored procedure...
2009-05-20
3,948 reads
TDSe-cure is a proxy service to SQL Server to block SQL injection attacks.
2009-01-07
2,996 reads
Lately it seems like SQL Injection attacks have been increasing. Recently our team has worked through resolving a few different SQL Injection attacks across a variety of web sites. Each of these attacks had a number of similarities which proved to point back to the same source. With this information in hand, the resolution should be much quicker. As such, if your web site is attacked with SQL Injection, how should you address it? How can the identification, analysis, recovery and resolution be streamlined? What are some lessons learned?
2008-08-22
4,820 reads
I have no problem with that, the more people get active here, the better for all. Just keep in mind quantity != quality.
2005-05-30
I didn't know it happens with a backup!!! Is it implicitly done or do you explicitly force a shrink ?! What is the syntax ?
2005-05-18
By Steve Jones
I got this in an email about a week ago from the PASS Data...
By Steve Jones
addleworth – adj. unable to settle the question of whether you’re doing okay in...
Hey all! Quick one here. Tracy Boggiano, awesome person that she is, has put...
Comments posted to this topic are about the item 7 sept, scheduled book
Comments posted to this topic are about the item 7 sept, schedlued article
Comments posted to this topic are about the item 6 sept, published book
Azure Data Lake Storage Gen 2 is built on ...?
See possible answers