Thursday 6 January 2005 — This is over 18 years old. Be careful.
Steve Friedl has written a detailed and comprehensive guide to how to crack into relational-based systems: SQL Injection Attacks by Example. Also included (for those of us on the hook for building these systems) are tips for how to prevent injection attacks.
My preference has always been for the application to do all its work via stored procedures; you can then give the database user the applciation connects as no INSERT or UPDATE privileges at all.
Add a comment: