[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] Antitoxin for "SQL Injection" (?)

To: "Devdas Bhagat" <devdas@xxxxxxxxxxxxxxxxx>
Subject: RE: [Full-disclosure] Antitoxin for "SQL Injection" (?)
From: "Sen, Adem" <asen-public@xxxxxxx>
Date: Mon, 2 Jan 2006 23:15:22 +0100

Hi Devdas,

Do STORED PROCEDURES really protect against any kind of SQL Injection? I
have read many articles about, some say they are and some say they are
NOT!

Isn't there any way to do code injection into a SP or are they
fully-secure against Injections?

I think it is clear, that SP's make your web-app less dynamic?

Thanks!
Adem Sen

> Devdas wrote:
> Ugh! Why do you not use stored procedures and bind parameters, which
is
> the right way to do it?
> 
> Devdas Bhagat
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Antitoxin for "SQL Injection" (?)
  - From: James Tucker
- Re: [Full-disclosure] Antitoxin for "SQL Injection" (?)
  - From: Jan Muenther

Prev by Date: Re: [Full-disclosure] Trojan found on Linux server
Next by Date: Re: [Full-disclosure] Trojan found on Linux server
Previous by thread: Re: [Full-disclosure] Antitoxin for "SQL Injection" (?)
Next by thread: Re: [Full-disclosure] Antitoxin for "SQL Injection" (?)
Index(es):
- Date
- Thread