Stored Procedures do not protect from SQL Injection Attacks
'I often hear people say that using stored procedures protects you against SQL injection attacks. This is incorrect. The vulnerability to SQL Injection comes from concatenating values into SQL Strings and then executing them, whether that is done in client side code or through the use of dynamic SQL.
For example, let's say I need to retrieve all the Leads with a given surname. I could write a Stored Procedure for this as follows...'...
http://www.devx.com/dbzone/stored-procedures-do-not-protect-from-sql-injection-attacks.html
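The point of the quoted excerpt, as an added example (not the code from the linked article): the same lookup written as a stored procedure three ways. T-SQL on SQL Server is assumed, and the `dbo.Leads` table, its columns and the procedure names are hypothetical.

```sql
-- Hypothetical schema for the "Leads by surname" lookup.
CREATE TABLE dbo.Leads (
    LeadId    INT IDENTITY(1,1) PRIMARY KEY,
    FirstName NVARCHAR(50) NOT NULL,
    Surname   NVARCHAR(50) NOT NULL
);
GO
-- VULNERABLE: a stored procedure, but the value is concatenated into a
-- SQL string and executed, so the caller's data is parsed as SQL.
CREATE PROCEDURE dbo.GetLeadsBySurname_Concat
    @Surname NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT LeadId, FirstName, Surname FROM dbo.Leads WHERE Surname = '''
        + @Surname + N'''';
    EXEC (@sql);
END;
GO
-- SAFE: static SQL. @Surname is only ever bound as a value.
CREATE PROCEDURE dbo.GetLeadsBySurname_Static
    @Surname NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT LeadId, FirstName, Surname FROM dbo.Leads WHERE Surname = @Surname;
END;
GO
-- SAFE: dynamic SQL where it is really needed, with the value passed as a
-- parameter to sp_executesql instead of being spliced into the text.
CREATE PROCEDURE dbo.GetLeadsBySurname_Param
    @Surname NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT LeadId, FirstName, Surname FROM dbo.Leads WHERE Surname = @s';
    EXEC sys.sp_executesql @sql, N'@s NVARCHAR(50)', @s = @Surname;
END;
GO
-- Constructed sample row and calls. A surname containing an apostrophe is
-- enough to show the difference between the three procedures.
INSERT INTO dbo.Leads (FirstName, Surname) VALUES (N'Pat', N'O''Brien');
EXEC dbo.GetLeadsBySurname_Static @Surname = N'O''Brien';  -- treated as data
EXEC dbo.GetLeadsBySurname_Param  @Surname = N'O''Brien';  -- treated as data
-- In the concatenating version the apostrophe ends the string literal early,
-- so the rest of the value is handed to the SQL parser instead of compared.
EXEC dbo.GetLeadsBySurname_Concat @Surname = N'O''Brien';
```

When reviewing existing procedures, any `EXEC (@variable)` or `sp_executesql` call whose statement text is built with `+` from a parameter is the pattern to look for.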