Websites Design

SEO

Blog

Share |

RSS 2.0

ATOM 1.0

Topics

Home
Website Design (1)
Apple iPad (3)
SQL Server 2008 (0)
SQL Server 2005 (59)
Adobe Business Catalyst (5)
SQL Server 2005 Compact Edition (1)
SQL CLR (0)
Integration Services 2005 / SSIS (DTS) (11)
Reporting Services 2005 (2)
SQL Server User Group (5)
Database Design (6)
VSTS for Database Professionals (17)
SQL Server 2000 (17)
What I'm Reading (6)
.NET Programming (1)
Microsoft Windows Server (1)
GeekLog (5)
General News (18)
Glossary (3)

User Functions

Don't have an account yet? Sign up as a New User
Lost your password?

SQL Truncation Attacks

SQL injection attacks are nothing new and hopefully everyone is protecting themselves from it.

An interesting by-product of the standard method of protection from the basic sql injection attack (replace single quotes with two single quotes) is increasing the size of the original value. When building a command in a variable, its possible to truncate the original WHERE conditions allowing the attacker to affect much more data than the developer intended.

Bala Neerumalla has written a detailed article for MSDN Magazine with background on the attack methods, some excellent examples, and methods for detecting and preventing SQL Truncation attacks. Definately worth reading and implementing.

Share

What's Related

Story Options

Trackback

Trackback URL for this entry: http://www.julian-kuiters.id.au/trackback.php/sqlserver2005-truncation-attack

Here's what others have to say about 'SQL Truncation Attacks':

Laura Biagiotti parfum from Laura Biagiotti parfum
Een heerlijke bloemige geur, met een modern karakter [read more]
Tracked on Sunday, December 13 2009 @ 01:02 AM EST

SQL Truncation Attacks | 0 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Gold Coast Aquarium Maintenance | Gold Coast Marine Fish | Gold Coast Tropical Fish
Jewel Jones - Counselling Service - Penrith, Richmond

SQL

Follow us on twitter

About Dreaming Boy Technology

We are a web design, web programming, web hosting and print design business.

We have over 13 years experience designing and building websites. We can handle websites of all sizes, from a simple web presence to a fully customised database driven website designed to handle thousands of customers a minute.

We can create you a custom website from scratch - that meets your needs as a business. And we can update your existing website if you wish.

Our design services can produce stunning website, print and logo designs that will create a recognisable brand for your business and invoke customer loyalty.

Our aim is to increase your sales and increase your customers through brand recognition and targeted marketing

Subscribe

Topics

User Functions

SQL Truncation Attacks

What's Related

Story Options

Trackback

SQL

Follow us on twitter

About Dreaming Boy Technology

About Dreaming Boy Technology

Client Sites