sample validation code for sql injection attack

 
 
ss
05-05-2006
Hi,

Can anybody give me sample code where the SQL injection attack is
validated?

How can I do that in the business logic layer and pass the error to the
presentation tier?

I want the sample code.

Thanks,
bye
ss
 
Göran Andersson
05-05-2006
If your code is safe from SQL injections, an attempt to do one shouldn't
result in an error message, as it doesn't cause any error.

The easiest way to prevent SQL injections is to use parameterized
queries. That way the command object takes care of encoding the values
correctly.

Additional security can be achieved by only using stored procedures in
the queries, and limiting the database user to only have permission to run
stored procedures. That way it's not even possible to execute an SQL
query using the connection.

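The parameterized-query approach from the reply above, arranged in the layers the question asks about, as an added example that is not part of any post in this thread. The table, class and method names are hypothetical, and `System.Data.SqlClient` is assumed as the provider.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// All names here (Customers table, CustomerDal, CustomerBll) are hypothetical.
public class ValidationException : Exception { public ValidationException(string m) : base(m) { } }

public static class CustomerDal
{
    // DAL: constant SQL text; the user value travels only as a typed parameter.
    public static SqlCommand BuildFindByName(string lastName)
    {
        SqlCommand cmd = new SqlCommand(
            "SELECT CustomerId, LastName FROM Customers WHERE LastName = @lastName");
        cmd.Parameters.Add("@lastName", SqlDbType.NVarChar, 50).Value = lastName;
        return cmd; // caller sets cmd.Connection and calls ExecuteReader()
    }
}

public static class CustomerBll
{
    // Business rule constructed for this example: 1-50 letters, spaces, ' or -.
    static readonly Regex NameRule = new Regex(@"^[\p{L} '\-]{1,50}\z");

    public static SqlCommand FindByName(string lastName)
    {
        string name = (lastName ?? "").Trim();
        if (!NameRule.IsMatch(name))
            throw new ValidationException("Last name may contain only letters, spaces, ' and -.");
        return CustomerDal.BuildFindByName(name);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed inputs: a valid name with a quote, and one that breaks the rule.
        // The catch block stands in for the presentation tier showing the message.
        foreach (string input in new string[] { "O'Brien", "x'; --" })
        {
            try
            {
                SqlCommand cmd = CustomerBll.FindByName(input);
                Console.WriteLine("{0} | @lastName = {1}", cmd.CommandText, cmd.Parameters[0].Value);
            }
            catch (ValidationException ex) { Console.WriteLine("Rejected: " + ex.Message); }
        }
    }
}
```

`O'Brien` passes validation and its quote is harmless because the value is never concatenated into the SQL text. The second input is rejected for breaking the business rule, not because it was recognised as an attack.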
 
 
 
 
bruce barker (sqlwork.com)
05-05-2006
You must also ensure that your stored procs are safe from injection. A lot
of the search examples in this newsgroup are not safe.

-- bruce (sqlwork.com)


 
ss
05-09-2006
Hi,
I asked for sample code to validate the SQL injection in the business
logic layer and data access layer.

I knew these things, like what to do against an SQL injection attack.

All that I wanted is validation logic in the BLL & DAL.

bye
ss

 
Göran Andersson
05-09-2006
What do you mean by validating an SQL injection attack, then?

 
 
 