Sample validation code for SQL injection attack

Discussion in 'ASP .Net' started by ss, May 5, 2006.

  1. Hi,

    Can anybody give me sample code where the SQL injection attack is
    validated?

    How can I do that in the business logic layer and pass the error to the
    presentation tier?

    I want the sample code.

    Thanks,
    bye
    ss
     
    ss, May 5, 2006
    #1

  2. If your code is safe from SQL injections, an attempt to do one shouldn't
    result in an error message, as it doesn't cause any error.

    The easiest way to prevent SQL injections is to use parameterized
    queries. That way the command object takes care of encoding the values
    correctly.

    Additional security can be achieved by only using stored procedures in
    the queries, and limiting the database user to only have permission to run
    stored procedures. That way it's not even possible to execute an SQL
    query using the connection.

     
    Göran Andersson, May 5, 2006
    #2
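
An added example (not written by any poster in this thread) of the layering the question asks about, built on the parameterized query recommended in the reply above. The `Customers` table, the class names and the name rule are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// Business-rule failure that the presentation tier can safely show to the user.
public class ValidationException : Exception
{
    public ValidationException(string message) : base(message) { }
}

// Data access layer: input travels only as a typed parameter, never as SQL text.
public static class CustomerDal
{
    public static DataTable FindByLastName(string connectionString, string lastName)
    {
        // Hypothetical table and columns; the statement text is a constant.
        const string sql =
            "SELECT CustomerId, LastName FROM Customers WHERE LastName = @lastName";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@lastName", SqlDbType.NVarChar, 50).Value = lastName;
            var table = new DataTable();
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                table.Load(reader);
            }
            return table;
        }
    }
}

// Business logic layer: enforces what a last name may look like (assumed rule).
// Apostrophes are allowed (O'Brien); the parameter, not this check, stops injection.
public static class CustomerService
{
    private static readonly Regex NamePattern =
        new Regex(@"^[\p{L}][\p{L} '\-]{0,49}\z");

    public static DataTable Search(string connectionString, string lastName)
    {
        string name = (lastName ?? "").Trim();
        if (!NamePattern.IsMatch(name))
            throw new ValidationException(
                "Last name must be 1-50 letters, spaces, apostrophes or hyphens.");
        return CustomerDal.FindByLastName(connectionString, name);
    }
}
```

In the page's code-behind, catch `ValidationException` and display `ex.Message`; send `SqlException` to logging rather than to the user.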

  3. You must also ensure that your stored procs are safe from injection. A lot
    of the search examples in this newsgroup are not safe.

    -- bruce (sqlwork.com)
     
    bruce barker (sqlwork.com), May 5, 2006
    #3
  4. Hi,
    I asked for sample code to validate SQL injection in the business
    logic layer and data access layer.

    I knew these things, like what to do against an SQL injection attack.

    All that I wanted is validation logic in the BLL & DAL.

    bye
    ss
     
    ss, May 9, 2006
    #4
  5. What do you mean by validating an SQL injection attack, then?

     
    Göran Andersson, May 9, 2006
    #5
