Results 1 to 3 of 3

Thread: SQL Server: SPROC: Code hardening from SQLi

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

Previous Post

Next Post

Apr 26th, 2008, 03:50 AM #1
alex_read

View Profile

View Forum Posts
Thread Starter
Evil Genius

Join Date

May 2000

Location

Espoo, Finland

Posts

5,538
SQL Server: SPROC: Code hardening from SQLi
Hi everyone!

In writing a current web application, I had a thought about my stored procedure. Lets say it's a simple one as below:

Code:

Create procedure SaveToTable1 @ValueToSave varchar(25) AS INSERT INTO Table1 (Field1) VALUES (@ValueToSave)

Now, whilst I can write and secure web code from SQL injection attacks, and set permissions on SQL Server to preven anyone accessing this, I wondered if I could also be a little more paranoid and add an additional overhead of a check within the procedure.

I tried on search engines to look for stored procedure code hardening, but haven't turned up much. Some sites are saying SQL Server will check for invalid characters if parameters (like in that statment above) are used - similar to the way .Net code does. I don't know if there's any truth in this, or whether any of you might have your own parsing code - I just thought I'd ask everyones opinion to better understand/learn this please.

Thanks,
Alex
Please rate this post if it was useful for you!
Please try to search before creating a new post,
Please format code using [ code ][ /code ], and
Post sample code, error details & problem details
Reply With Quote

Quick Navigation Database Development Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Click Here to Expand Forum to Full Width

Terms and Conditions | About Us | Privacy Notice | Contact Us | Advertise | Sitemap| California - Do Not Sell My Info

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

All times are GMT -5. The time now is 02:01 AM.