September 09, 2010

Home
"For successful technology, reality must take precedence over public relations, for nature cannot be fooled."    --  Richard Feynman
Moving Sql Server Code

Great Tutorial on Preventing SQL Injection

May27

Written by:RBarryYoung
5/27/2009 8:21 PM 

Wow.  I was following a link from a forum post on SQL Injecitn that I was reaidng and it led me here. Wow.  What a great resource!  This is the kind of tutorial that Microsoft should have written years ago.  And then started promoting it to address Injection, and started following it themselves, and encouraged SW vendors to follow.  And encourage customers to require from their SW vendors.

The catch?  It's from ... Oracle.    That also means that the recommended solutions are very Oracle-specific.  The good news?  I did not see anything in there that could not be easily translated to Transact-SQL.  Happy reading!

Copyright ©2009 Barry Young

TrackbackPrint
Location: BlogsMoving SQL
Tags:

1 comment(s) so far...

Re: Great Tutorial on Preventing SQL Injection

A link you provided got me to your blog, Barry. Very cool blog! And the tutorial on SQL Injection you provided in this post has some really good tips and methods. As you say, they need a translation from Oracle to SQL Server, but the tutorial is the berries. Thanks for listing it.

--Jeff Moden

By Jeff Moden on  2/21/2010 12:02 PM

Your name:
Your email:
(Optional) Email used only to show Gravatar.
Your website:
Title:
Comment:
Add Comment  Cancel 
 

Copyright 2008 by R. Barry Young
 RBarryYoung.net  |  Terms Of Use  |  Privacy Statement