
September 2007 - Posts

I assess software security for a living, but I almost missed this one. <connectionStrings> <add name="Conn" connectionString="server=server1; database=database1; Integrated Security=True" Encrypt="True" /> </connectionStrings Read More...
Most resources on the internet concentrate on dynamic SQL in the data access code as the cause of SQL injection. Although lesser known, SQL injection is also possible if the stored procedure itself constructs dynamic SQL and executes it with the “exec” Read More...
 