SQL injection attacks
Posted Mar 31, 2006 11:06 UTC (Fri) by pdc
In reply to: SQL injection attacks
Parent article: SQL injection attacks
To try to avoid this we do all access from a web app to the SQL Server database via stored procedures, with user input passed as parameters. At least then you can restrict the privileges of the web application to just the procedures it needs to use. Makes the database development rather tedious, however.
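A T-SQL sketch of the arrangement described in the comment above, added here as an illustration and not taken from the commenter's system. The table dbo.Users, the procedure dbo.GetUserByName and the database user webapp_user are hypothetical names.

```sql
-- Added example; all object names are hypothetical and the schema is constructed.
CREATE TABLE dbo.Users (
    UserId   INT IDENTITY PRIMARY KEY,
    UserName NVARCHAR(64)  NOT NULL UNIQUE,
    Email    NVARCHAR(256) NOT NULL
);
GO

-- User input reaches the query only as a typed parameter;
-- it is never concatenated into SQL text.
CREATE PROCEDURE dbo.GetUserByName
    @UserName NVARCHAR(64)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT UserId, UserName, Email
    FROM dbo.Users
    WHERE UserName = @UserName;
END;
GO

-- The web application's database user gets EXECUTE on the procedures
-- it needs and no rights on the underlying table.
CREATE USER webapp_user WITHOUT LOGIN;  -- stand-in for the user mapped to the app's login
GRANT EXECUTE ON OBJECT::dbo.GetUserByName TO webapp_user;
DENY SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Users TO webapp_user;
GO

-- Verify the restriction while impersonating the application user.
EXECUTE AS USER = 'webapp_user';
EXEC dbo.GetUserByName @UserName = N'alice';  -- allowed: same owner, ownership chaining applies
BEGIN TRY
    SELECT COUNT(*) FROM dbo.Users;           -- direct table access is refused
END TRY
BEGIN CATCH
    PRINT 'Direct SELECT blocked: ' + ERROR_MESSAGE();
END CATCH;
REVERT;
GO
```

The restriction holds only while the procedure body uses static SQL: a procedure that builds a statement by concatenating its parameters and runs it with EXEC is still injectable, and dynamic SQL is checked against the caller's own table permissions rather than the procedure owner's.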