I want some Moore

Blog about stuff and things and stuff. Mostly about SQL server and .Net
posts - 223, comments - 2295, trackbacks - 33

My Links

Advertisement

News

Hi! My name is 
Mladen Prajdić  I'm from Slovenia and I'm currently working as a .Net (C#) and SQL Server developer.

I also speak at local user group meetings and conferences like SQLBits and NT Conference
Welcome to my blog.
SQL Server MVP

My Books

SQL Server MVP Deep Dives 2
The Red Gate Guide to SQL Server Team based Development Free e-book
My Blog Feed via Email
Follow MladenPrajdic on Twitter
Users Online: who's online

Article Categories

Archives

Post Categories

Cool software

Other Blogs

Other stuff

SQL stuff

February 2011 Blog Posts

SQL Server SQL Injection from start to end

SQL injection is a method by which a hacker gains access to the database server by injecting specially formatted data through the user interface input fields. In the last few years we have witnessed a huge increase in the number of reported SQL injection attacks, many of which caused a great deal of damage. A SQL injection attack takes many guises, but the underlying method is always the same. The specially formatted data starts with an apostrophe (') to end the string column (usually username) check, continues with malicious SQL, and then ends with the SQL comment mark (--) in order...

posted @ Wednesday, February 16, 2011 7:00 AM | Feedback (2) | Filed Under [ .Net SQL Server Back to Basics ]

Powered by:
Powered By Subtext Powered By ASP.NET

Copyright © Mladen Prajdić