Okay... "without going out of your way to provide a means of creating
sql injection attacks". :P Seven years doing this work, I've only ever
heard of one person actually using SQL Server's full-text indexes (and
that was someone I wasn't working with)... doesn't mean that people
aren't, but my experience has been that they're the exception rather
than the rule.

> "And then there's also the fact that
> stored procedures are immune to SQL injection attacks."

> One sidenote, it is possible to use SQL Injection attacks on SQL Server
> while still using stored procedures. For example using Full Text
> Indexing commands, it is fairly simple to provide a SQL injection as a
> parameter of the full text search commands. It also depends on how you
> build up the thing.
> Micha Schopman
> Software Engineer
> Modern Media, Databankweg 12 M, 3821 AL  Amersfoort
> Tel 033-4535377, Fax 033-4535388
> KvK Amersfoort 39081679, Rabo 39.48.05.380

s. isaac dealey   954.927.5117

new epoch : isn't it time for a change?

add features without fixtures with
the onTap open source framework
http://www.sys-con.com/story/?storyid=44477&DE=1
http://www.sys-con.com/story/?storyid=45569&DE=1
http://www.fusiontap.com
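
The quoted point that it "depends on how you build up the thing", shown as an added T-SQL example that is not part of the original messages. The table dbo.Articles, its full-text-indexed Body column and the procedure names are hypothetical.

```sql
-- Added illustration; all object names are hypothetical.
-- Assumes dbo.Articles has a full-text index on the Body column.

-- Weak form: the caller passes a parameter, but the procedure pastes it
-- into a statement string. A quote character in @term ends the literal,
-- and the remainder of the value is parsed as SQL by EXEC.
CREATE PROCEDURE dbo.SearchArticles_Dynamic
    @term nvarchar(200)
AS
BEGIN
    DECLARE @sql nvarchar(1000);
    SET @sql = N'SELECT ArticleId, Title FROM dbo.Articles '
             + N'WHERE CONTAINS(Body, ''' + @term + N''')';
    EXEC (@sql);
END
GO

-- Corrected form: CONTAINS accepts a variable as its search condition,
-- so no statement text is assembled and @term is only ever data.
-- A malformed search condition raises a full-text syntax error
-- instead of being executed as SQL.
CREATE PROCEDURE dbo.SearchArticles_Static
    @term nvarchar(200)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT ArticleId, Title
    FROM dbo.Articles
    WHERE CONTAINS(Body, @term);
END
GO

-- If dynamic SQL cannot be avoided, keep the value out of the statement
-- text and bind it through sp_executesql instead.
CREATE PROCEDURE dbo.SearchArticles_Parameterized
    @term nvarchar(200)
AS
BEGIN
    DECLARE @sql nvarchar(1000);
    SET @sql = N'SELECT ArticleId, Title FROM dbo.Articles '
             + N'WHERE CONTAINS(Body, @p)';
    EXEC sp_executesql @sql, N'@p nvarchar(200)', @p = @term;
END
GO
```

When reviewing existing procedures, any EXEC or sp_executesql call whose statement string is concatenated with a parameter is the pattern to look for.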