Recent round of SQL injection attacks

D

Dave Anderson

We log hundreds of SQL injection attempts per day -- the type with
CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last thing the
attack does is DEALLOCATE its cursor. My SQL Server DBA tells me this makes
no difference. So...

Are these hackers cargo cultists? Or am I missing something?
 
B

Bob Barrows [MVP]

Dave said:
We log hundreds of SQL injection attempts per day -- the type with
CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last
thing the attack does is DEALLOCATE its cursor. My SQL Server DBA
tells me this makes no difference. So...

Are these hackers cargo cultists? Or am I missing something?
I think it used to be necessary, at least in SQL 6.5 ... I remember
reading about all sorts of dire consequences if a cursor was not
explicitly closed and deallocated.

BOL has said since SQL7:
A cursor variable does not have to be explicitly deallocated. The
variable is implicitly deallocated when it goes out of scope.

So I guess the cargo has landed on the hackers' island...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top