SQL Injection Vulnerability with ADO.NET? - Level Extreme

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

SQL Injection Vulnerability with ADO.NET?

Message

De

10/02/2006 22:20:25

Cetin Basoz
Engineerica Inc.
Izmir, Turquie

À

10/02/2006 21:34:54

Steve Craft
Atomic9.NET
Philadelphia, Pennsylvanie, États-Unis

Information générale

Forum:

Visual FoxPro

Catégorie:

Visual FoxPro et .NET

Titre:

Re: SQL Injection Vulnerability with ADO.NET?

Versions des environnements

Visual FoxPro:

VFP 9 SP1

OS:

Windows Server 2003

Network:

Windows 2003 Server

Database:

Visual FoxPro

Divers

Thread ID:

01095595

Message ID:

01095598

Vues:

8

>Just wondering 'out loud' about the possibility of a VFP9 database's stored procedures being susceptible to SQL-Injection attacks from an ADO.NET client. I'm torn between stored procs and dynamic SQL, and if VFP9 stored procs via OLEDB/ADO.NET are not any safer than dynamic SQL, I may as well do dynamic SQL, know what I mean?
>
>All comments welcome.
>
>Thanks!

Steve,
Can you give an SQL injection sample for VFP? IMHO either dynamic or stored procedure it is the coder who can create a vulnerability (and actually in SQL server too).
Cetin

Çetin Basöz

The way to Go
Flutter - For mobile, web and desktop.
World's most advanced open source relational database.
.Net for foxheads - Blog (main)
FoxSharp - Blog (mirror)
Welcome to FoxyClasses

LinqPad - C#,VB,F#,SQL,eSQL ... scratchpad

Click here to load this message in the networking platform