SQL Injection Vulnerability with ADO.NET? - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

SQL Injection Vulnerability with ADO.NET?

Message

From

10/02/2006 22:20:25

Cetin Basoz
Engineerica Inc.
Izmir, Turkey

To

10/02/2006 21:34:54

Steve Craft
Atomic9.NET
Philadelphia, Pennsylvania, United States

General information

Forum:

Visual FoxPro

Category:

Visual FoxPro and .NET

Title:

Re: SQL Injection Vulnerability with ADO.NET?

Environment versions

Visual FoxPro:

VFP 9 SP1

OS:

Windows Server 2003

Network:

Windows 2003 Server

Database:

Visual FoxPro

Miscellaneous

Thread ID:

01095595

Message ID:

01095598

Views:

10

>Just wondering 'out loud' about the possibility of a VFP9 database's stored procedures being susceptible to SQL-Injection attacks from an ADO.NET client. I'm torn between stored procs and dynamic SQL, and if VFP9 stored procs via OLEDB/ADO.NET are not any safer than dynamic SQL, I may as well do dynamic SQL, know what I mean?
>
>All comments welcome.
>
>Thanks!

Steve,
Can you give an SQL injection sample for VFP? IMHO either dynamic or stored procedure it is the coder who can create a vulnerability (and actually in SQL server too).
Cetin

Çetin Basöz

The way to Go
Flutter - For mobile, web and desktop.
World's most advanced open source relational database.
.Net for foxheads - Blog (main)
FoxSharp - Blog (mirror)
Welcome to FoxyClasses

LinqPad - C#,VB,F#,SQL,eSQL ... scratchpad

Click here to load this message in the networking platform