Re: Preventing malicious T-SQL injection attacks


Clear questions and runnable code get the best and fastest answer
	PerlMonks

Re: Preventing malicious T-SQL injection attacks

by jonadab (Parson)

on Mar 05, 2007 at 12:35 UTC ( [id://603199]=note: print w/replies, xml )

Need Help??

in reply to Preventing malicious T-SQL injection attacks

I guess that it might be an idea to limit the SPROCs that can be called. It might be an idea to make it impossible to activate any SPROC that is a system SPROC. That would require screening of the $SPROC variable.

Whitelist. Make a list of all the acceptable values of $SPROC, and don't execute anything that's not on the list. In information security, it is always far, far better to use a whitelist than a blacklist. Anything not expressly allowed is automatically verboten. Don't put anything on the list that doesn't actually need to be there.

Plus do what bart suggests above, with the placeholders. I was going to say that, but he beat me to it. It's good advice.

We're working on a six-year set of freely redistributable Vacation Bible School materials.

Comment on Re: Preventing malicious T-SQL injection attacks

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://603199]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others having an uproarious good time at the Monastery: (2)

As of 2025-12-12 03:14 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

What's your view on AI coding assistants?

Results (92 votes). Check out past polls.

Notices^?

	• hippo	‥ epoptai's answer Re: how do I set a cookie and redirect was blessed by hippo!
	• erzuuli	‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.