Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Preventing Injection attacks
Message
From
22/08/2008 15:38:58
Naomi Nosonovsky
Wisconsin, United States
 
 
To
22/08/2008 12:55:58
Craig Berntson
Quicken Loans
Salt Lake City, Utah, United States
General information
Forum:
Microsoft SQL Server
Category:
Other
Title:
Re: Preventing Injection attacks
Environment versions
SQL Server:
SQL Server 2005
Miscellaneous
Thread ID:
01341172
Message ID:
01341231
Views:
11
If a user typed < script > in the field using stored procedures would not help.

>Use stored procs as the first defense.
>
>>Hi everybody,
>>
>>I'm thinking, that instead of trying to intercept every request we may try to use UPDATE/INSERT triggers for every table and reject entries contaning < script > Does it sound like a better approach?
>>
>>What do you think?
>>
>>Thanks in advance.
If it's not broken, fix it until it is.


My Blog
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform