BrettBlog - Preventing SQL Injections

Tuesday, January 06, 2009

Preventing SQL Injections

Wanted to postback to this article by Wade on the IIS team.

He summarizes this issue really well - in particular that topics lose focus due to a the many posts and lack of the ability to see information chronologically sorted in searching.

http://blogs.iis.net/wadeh/archive/2008/12/18/how-iis-can-help-with-sql-injection.aspx

Keep in mind that as he points out early on, request filtering for SQL inhections is a band-aid. Your appliciations should be written so they do not allow passing of invalid or risky strings to the server.

Thanks!

-brett

IIS | IIS 7 | Reference | Security

Tuesday, January 06, 2009 6:00:16 PM (GMT Standard Time, UTC+00:00)

Comments [0] |

kick it on DotNetKicks.com

Comments are closed.

Theme design by Jelle Druyts

Calendar

March 2010

Sun

Mon

Tue

Wed

Thu

Fri

Sat

28

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

1

2

3

4

5

6

7

8

9

10

Archives

October, 2009 (1)

August, 2009 (1)

March, 2009 (2)

January, 2009 (3)

December, 2008 (2)

November, 2008 (1)

October, 2008 (2)

September, 2008 (1)

August, 2008 (5)

April, 2008 (3)

March, 2008 (4)

January, 2008 (3)

December, 2007 (10)

November, 2007 (4)

October, 2007 (4)

September, 2007 (7)

August, 2007 (7)

April, 2007 (4)

March, 2007 (3)

February, 2007 (3)

January, 2007 (5)

December, 2006 (2)

November, 2006 (5)

October, 2006 (8)

September, 2006 (3)

August, 2006 (5)

March, 2006 (1)

January, 2006 (2)

October, 2005 (3)

September, 2005 (2)

On this page

categories

Links

IIS Email Discussion Groups

IIS-Resources.com

IIS articles and other content

IIS.net - official IIS site by the IIS team

Blogroll OPML

Awesomeideas.net

Bill Staple - IIS Product Unit Manager

IIS.net Aggregate Blog

Mike Volodarsky on the IIS team is bloggin up a storm

Search

Disclaimer

Powered by: newtelligence dasBlog 2.0.7226.0

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2010, Brett Hill

E-mail