This is a cached copy of http://infocentric.typepad.com/blog/2008/05/stored-procedur.html, a snapshot taken when the feed was indexed.
Stored Procedures and SQL Injection
2008-05-16 10:43:56 by Adrian Lane in Information Centric Security
 
There is a nice post by Michael Howard over on the Security Development Lifecycle blog this morning on a couple of simple steps to help mitigate SQL Injection attacks. These simple steps are effective because they reduce the avenues of attack or reduce the assumptions of trust between the application and the database. However, I wanted to add a couple of comments on this subject that I believe add some value to the suggestions he made. Specifically:

- Don't allow create/modify procedure permissions
- Use a dedicated, non-admin database user account
- Don't use external stored procedures
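One way to check a database against the three points above, as an added example that is not from the original post. It assumes Microsoft SQL Server, treats xp_cmdshell, CLR and OLE Automation as that platform's counterpart of "external stored procedures", and uses the hypothetical names app_user and app for the application account and its schema.

```sql
-- Added example, not from the original post. Assumes Microsoft SQL Server.
-- app_user and the app schema are hypothetical names.

-- 1. Principals holding permissions that allow creating or modifying
--    procedures in the current database (explicit grants only).
SELECT pr.name AS principal_name, pe.permission_name,
       pe.class_desc, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.state IN ('G', 'W')          -- GRANT, GRANT WITH GRANT OPTION
  AND pe.permission_name IN
      ('CREATE PROCEDURE', 'ALTER', 'ALTER ANY SCHEMA', 'CONTROL');

-- 2. Members of database roles that imply administrative or DDL rights.
--    The application account should not appear here.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN ('db_owner', 'db_ddladmin', 'db_securityadmin');

-- 3. Server features that expose externally implemented procedures
--    (assumed mapping of "external stored procedures" to SQL Server).
--    value_in_use = 1 means the feature is enabled.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'clr enabled', 'Ole Automation Procedures');

-- Corrective statements for the hypothetical application account:
-- it may execute procedures in its schema but not create or alter them.
GRANT EXECUTE ON SCHEMA::app TO app_user;
DENY CREATE PROCEDURE TO app_user;
DENY ALTER ON SCHEMA::app TO app_user;
```

The first query shows only explicit grants; rights inherited through role membership show up in the second.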
 
 
 
 
 
 