Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re^6: Preventing malicious T-SQL injection attacks

by Win (Novice)
on Mar 05, 2007 at 16:31 UTC ( #603242=note: print w/ replies, xml ) Need Help??


in reply to Re^5: Preventing malicious T-SQL injection attacks
in thread Preventing malicious T-SQL injection attacks

I think that it would be good when SELECT is used in a similar circumstance. But when that particular feature is used with EXEC I believe it is redundant code and therefore is best not used.


Comment on Re^6: Preventing malicious T-SQL injection attacks
Re^7: Preventing malicious T-SQL injection attacks
by davorg (Chancellor) on Mar 05, 2007 at 16:55 UTC

    But what is redundant? What would you remove? Like I said, this is a completely free feature. There is no code in there which specifically checks for the right number of parameters, it's just something that execute gives you for free.

    There is no redundancy. There is nothing to remove. If you find something to remove then I'd love to see it.

      I suppose that it would add an extra layer of security given that, otherwise, a hacker may manage to alter the SPROC to take an extra variable and then run that without changes to the Perl program.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://603242]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (12)
As of 2014-09-22 19:06 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (198 votes), past polls