Full Disclosure mailing list archives
RE: Antitoxin for "SQL Injection" (?)
From: "Sen, Adem" <asen-public () sage de>
Date: Mon, 2 Jan 2006 23:15:22 +0100
Hi Devdas,

Do STORED PROCEDURES really protect against any kind of SQL Injection? I have read many articles about it; some say they do and some say they do NOT!

Isn't there any way to do code injection into an SP, or are they fully secure against injections?

I think it is clear that SPs make your web app less dynamic?

Thanks!
Adem Sen
Devdas wrote:

Ugh! Why do you not use stored procedures and bind parameters, which is the right way to do it?

Devdas Bhagat

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/