Mike Yearwood
Toronto, Ontario, Canada
General information
Forum:
Microsoft SQL Server
The attack vectors cited below, which are real even with parameterized SQL statements, are eliminated by a server side API creating the CRUD statements.
So for SOME scenarios, there is reason to avoid parameters, as their transport mechanism might be subverted and the whole statement might be altered.
>... There is zero reason to avoid using parameters.
>
>>>>Actually ***his*** source is safe against anything except for MIM attacks or total code rewrite, which would succeed even in SQL parameter cases by rewriting the whole statement, unless there is further sanitizing server side.
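
One way to build the server-side CRUD API this message describes, as an added example that is not part of the original post or thread: the client sends only an operation, a table name and values, and the server builds the parameterized statement from an allowlist. Python's sqlite3 stands in for SQL Server here; the `customers` schema, the request format and all function names are assumptions.

```python
import sqlite3

# Assumed schema (hypothetical): per table, the key column and writable columns.
ALLOWED = {"customers": {"key": "id", "columns": {"name", "city"}}}

class RejectedRequest(ValueError):
    """Raised when a client request falls outside the allowlist."""

def build_statement(request):
    """Map a structured request to (sql, params); no client-supplied SQL text is used."""
    table = request.get("table")
    if not isinstance(table, str) or table not in ALLOWED:
        raise RejectedRequest("table not allowed")
    key, allowed_cols = ALLOWED[table]["key"], ALLOWED[table]["columns"]
    values = request.get("values") or {}
    if not isinstance(values, dict) or set(values) - allowed_cols:
        raise RejectedRequest("column not allowed")
    # Identifiers below come only from ALLOWED; client data travels as parameters.
    cols, op, row_id = sorted(values), request.get("op"), request.get("id")
    if op == "insert" and cols:
        marks = ", ".join("?" for _ in cols)
        return (f"INSERT INTO {table} ({', '.join(cols)}) VALUES ({marks})",
                [values[c] for c in cols])
    if type(row_id) is not int:
        raise RejectedRequest("integer key required")
    if op == "update" and cols:
        sets = ", ".join(f"{c} = ?" for c in cols)
        return (f"UPDATE {table} SET {sets} WHERE {key} = ?",
                [values[c] for c in cols] + [row_id])
    if op == "delete":
        return f"DELETE FROM {table} WHERE {key} = ?", [row_id]
    if op == "read":
        return f"SELECT * FROM {table} WHERE {key} = ?", [row_id]
    raise RejectedRequest("operation not allowed")

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    # Constructed requests: one legitimate, one with the table field altered.
    good = {"op": "insert", "table": "customers",
            "values": {"name": "Ann", "city": "x'); DROP TABLE customers;--"}}
    db.execute(*build_statement(good))
    tampered = {"op": "delete", "table": "customers; DROP TABLE customers", "id": 1}
    try:
        build_statement(tampered)
        rejected = False
    except RejectedRequest:
        rejected = True
    read = {"op": "read", "table": "customers", "id": 1}
    return rejected, db.execute(*build_statement(read)).fetchall()
```

The builder constrains only the shape of the statement; a request altered in transit can still carry different values or another allowed operation, so transport integrity remains a separate control.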