SQL Injection Detection

From: jvuillermet (no-spam_at_no-spam.com)
Date: 04/29/04

Next message: jvuillermet: "Security : ODBC provider vs OLE-DB provider"

Previous message: JRE: "Newbee password question"
Next in thread: Diabolik: "RE: SQL Injection Detection"
Reply: Diabolik: "RE: SQL Injection Detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 29 Apr 2004 23:26:20 +0200

Is it possible to detect an SQL Injection by filtering SQL query strings at
the server side, before the engine level ?

For example, if in a SQL query string "--" is present, so the filter stop
the query before execution.

Jacques.

Next message: jvuillermet: "Security : ODBC provider vs OLE-DB provider"

Previous message: JRE: "Newbee password question"
Next in thread: Diabolik: "RE: SQL Injection Detection"
Reply: Diabolik: "RE: SQL Injection Detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

www.derkeiler.com > Newsgroups > microsoft.public.sqlserver.security > 2004-04