http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspxHello, Michael here... You may have read recently about a large number of Web servers that were compromised through a SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic so it could compromiseen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx#9413305Wed, 11 Feb 2009 23:00:35 GMT91d46819-8472-40ad-a661-2c78acb4018c:9413305Wampiryczny blog<p>CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection') pochodzi wprost z 2009 CWE/SANS Top 25 Most Dangerous Programming Errors. Osobiście bardzo się cieszę z opublikowania tego typu dokumentu, zalecenia w nim zawarte można wprost wyko</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=9413305" width="1" height="1">http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx#9028431Sat, 01 Nov 2008 21:46:27 GMT91d46819-8472-40ad-a661-2c78acb4018c:9028431Wade Hilmo<p>Earlier this year, it came to our attention that our customers were being subjected to a SQL Injection</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=9028431" width="1" height="1">http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx#8866389Thu, 14 Aug 2008 14:10:21 GMT91d46819-8472-40ad-a661-2c78acb4018c:8866389contrari4n<p>I never cease to be amazed at the number of web developers (like IDisposable above) who avoid stored procedures like the plague.</p> <p>I fully understand, and have kept up to date with, the heated debate on the subject. I also accept that proponents of parameterized queries have argued their case well.</p> <p>However, there are couple of arguments for stored procedures that I haven't seen rebuffed anywhere.</p> <p>o You are sending more over the network than necessary, reducing scalability.</p> <p>o Not all referential integrity can be maintained by declarative means, and other options such as triggers often do not perform well. It is not uncommon for enforcement rules to be added to stored procedures.</p> <p>o It is essential that the DBA is aware of all data access during the development phase of a project, and able to vet all queries and updates for performance, scalability, integrity, security requirements, etc. How can this be managed if developers are writing ad hoc SQL in their code?</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=8866389" width="1" height="1">http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx#8801373Fri, 01 Aug 2008 21:43:31 GMT91d46819-8472-40ad-a661-2c78acb4018c:8801373Do something clever here<p>Michael Howard reiterates the importance of checking for SQL injection attack vulnerabilities.With recent attacks, it is high time for developers to review all database code. We are pretty relig ...</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=8801373" width="1" height="1">http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx#8791668Wed, 30 Jul 2008 17:32:58 GMT91d46819-8472-40ad-a661-2c78acb4018c:8791668Weblogul lui Zoli<p>C&#226;t timp am fost &#238;n concediu... Noi resurse pentru dezvoltare: S-a lansat Zermatt beta . Superba stațiune</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=8791668" width="1" height="1">http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx#8776664Sun, 27 Jul 2008 00:53:19 GMT91d46819-8472-40ad-a661-2c78acb4018c:8776664Sid Atkinson Jr.<p>SQL Injection, a Microsoft Response</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=8776664" width="1" height="1">http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx#8656826Thu, 26 Jun 2008 16:58:15 GMT91d46819-8472-40ad-a661-2c78acb4018c:8656826Microsoft Ireland Blog<p>If you're doing ASP.NET development then you need to check these tools out. As per this security bulletin</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=8656826" width="1" height="1">http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx#8656825Thu, 26 Jun 2008 16:58:10 GMT91d46819-8472-40ad-a661-2c78acb4018c:8656825Ronan Geraghty's Blog <p>If you're doing ASP.NET development then you need to check these tools out. As per this security bulletin</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=8656825" width="1" height="1">http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx#8649791Wed, 25 Jun 2008 03:18:03 GMT91d46819-8472-40ad-a661-2c78acb4018c:8649791Troubleshooting and Tips - Cindy Gross<p>&amp;lt;p&amp;gt;This year SQL injection attacks are being stepped up and even automated against SQL Server. While SQL injection attacks can occur against any DBMS, my blog will only address SQL Server.&amp;lt;/p ...</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=8649791" width="1" height="1">http://blogs.msdn.com/b/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx#8574484Thu, 05 Jun 2008 06:08:47 GMT91d46819-8472-40ad-a661-2c78acb4018c:8574484Applelure<p>本文翻译自微软博客上刊载的相关文章，英文原文版权归原作者所有，特此声明。（特别感谢NeilCarpenter对本文写作提供的帮助）</p> <p>近期趋势</p> <p>从去年下半年开始，很多网站被损害，他们在用于生成动...</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=8574484" width="1" height="1">