Preventing Injection attacks
25/08/2008 15:28:56
Forum: Microsoft SQL Server
Category: Other
SQL Server: SQL Server 2005
Thread ID: 01341172
Message ID: 01341606
>>This is for SELECT statements. But I'm talking about INSERT/UPDATE. Nobody prevents you from typing
>>
>><script> malicious script </script>
>>
>>in the fields.
>
>Just remove [>] and [<] from the typed string :o)

Easier said than done :) Though you can just test each Request. I played with this suggestion already, but I noticed slowness and also a couple of our pages started to redirect, so I removed some strings from the tested input...
If it's not broken, fix it until it is.
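
Added example, not part of the original post or thread: it compares the bracket stripping suggested above with storing the text unchanged through a parameterized INSERT and HTML-encoding it when the page is rendered. Assumptions: an in-memory SQLite database stands in for SQL Server, and the `comments` table, the function names and the sample strings are hypothetical and constructed for illustration.

```python
import html
import sqlite3

# Constructed sample inputs: the script string from the thread and a legitimate comment.
SAMPLES = [
    "<script> malicious script </script>",
    "Reorder when qty < 10 and price > 5",
]

def strip_brackets(value):
    """The approach suggested in the thread: drop '<' and '>' from the input."""
    return value.replace("<", "").replace(">", "")

def save_comment(conn, value):
    """Store the text unchanged; the parameter marker keeps it out of the SQL text."""
    cur = conn.execute("INSERT INTO comments (body) VALUES (?)", (value,))
    return cur.lastrowid

def render_comment(conn, comment_id):
    """Encode at output time, so stored markup is displayed as text, not parsed."""
    (body,) = conn.execute(
        "SELECT body FROM comments WHERE id = ?", (comment_id,)
    ).fetchone()
    return "<td>" + html.escape(body, quote=True) + "</td>"

def demo():
    """Return (stripped input, encoded output) for each constructed sample."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    results = []
    for text in SAMPLES:
        cid = save_comment(conn, text)
        results.append((strip_brackets(text), render_comment(conn, cid)))
    conn.close()
    return results

if __name__ == "__main__":
    for stripped, rendered in demo():
        print("stripped:", stripped)
        print("rendered:", rendered)
```

Stripping alters the legitimate comment as well as the script string, while the encoded output keeps both values intact in the database and shows them as plain text.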

