.NET Tutorials, Forums, Interview Questions And Answers

Data Security: Stop SQL Injection Attacks Before They Stop You

Posted Date: August 21, 2010    Category: ASP.Net

To execute a SQL injection attack, a hacker writes a Web page that captures text in a textbox to be used to execute a query against a database. The hacker enters a malformed SQL statement into the textbox that causes the back-end database to perform operations the owners did not intend it to perform, like making unauthorized updates. This article explains how you can protect against the all-too-common SQL injection attack in your own database. The steps covered include data validation, proper exception handling, and much more.

Paul Litwin

MSDN Magazine September 2004


More Related Resource Links

How to stop refreshing data grid when selection changed

Hi, I have a datagrid on my page bound with a LINQ datasource. I want to stop refreshing the datagrid when I need to show details of the selected row. Could you please help me to do that? Regards, Reside

Is it possible to stop a subscription from mailing if there is no data contained?


I have got a report that mails everyday a set of raw data, I only have to mail the report if there is data in the report, is it possible to have a check inside the subscription to only email if the report has data?


I am running an SSRS 2005 Reporting Environment.

Thanks in Advance


Stop Sorting Cross Tab Report Header


Dear, I want to stop sorting in cross tab report header. And also want to sort in specific order. How can I do that? Please help me. It's urgent.


Security Briefs: Regular Expression Denial of Service Attacks and Defenses


Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.

Bryan Sullivan

MSDN Magazine May 2010

Cloud Security: Crypto Services and Data Security in Windows Azure


Many early adopters of cloud platforms have questions about security. We review some of the cryptography services and providers in Windows Azure along with some security implications for applications in the cloud.

Jonathan Wiggs

MSDN Magazine January 2010

Security Briefs: XML Denial of Service Attacks and Defenses


This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.

Bryan Sullivan

MSDN Magazine November 2009

SQL Security: New SQL Truncation Attacks And How To Avoid Them


Exploits using SQL injection have drawn a lot of attention for their ability to get through firewalls and intrusion detection systems to compromise your data layers. Whether it's a first-order or second-order injection, if you look at the basic code pattern, it is similar to any other injection issue where you use untrusted data in the construction of a statement.

Bala Neerumalla

MSDN Magazine November 2006

Security in IIS 6.0: Innovations in Internet Information Services Let You Tightly Guard Secure Data


Security improvements have been a top priority in the evolution of IIS. IIS 6.0, which will be part of Windows .NET Server, has improved security features and a new approach to server configuration. New security-related tools for IIS, including IIS LockDown, make securing your server against attack easier than ever. The author explains how and why you can shut down services with IIS LockDown. He discusses limiting port access with TCP/IP filtering, controlling how files are served with extension mapping, what's new for Secure Sockets Layer, the use of URLScan, and more.

Wayne Berry

MSDN Magazine September 2002

Security: Protect Private Data with the Cryptography Namespaces of the .NET Framework


The .NET Framework includes a set of cryptographic services that extend the services provided by Windows through the Crypto API. In this article, the author explores the System.Security.Cryptography namespace and the programming model used to apply cryptographic transformations. He discusses reasons why cryptography is easier in .NET than it was before, including the easy programmatic access developers have to the cryptography APIs and the difference between symmetric and asymmetric algorithms. Along the way, a brief discussion of the most widely used algorithms, including RSA, DSA, Rijndael, SHA, and other hash algorithms, is provided.

Dan Fox

MSDN Magazine June 2002

How to stop the repeated database queries for roles


Hello, friends,

We have a web application using VS 2008, C#. We try to filter siteMap nodes based on security roles. We have customized the method GetRolesForUser() in the RoleProvider class to determine a user's role. In this method, roles will be returned by querying an SQL Server database.

However, we found that each time a page was loaded/refreshed, this GetRolesForUser() was called, and the database would be queried. This is too MUCH and expensive.

We thought the roles should be queried only once when a user logs in. After that, role info should be stored somewhere for this user, rather than query DB all the time.

Any ideas, reference paper, snippet, ...?

Thanks a lot!

How to start and stop thread with button


Hi all,

I am new to threading.

I'm trying to write a simple application which will update a textbox (on other thread) when button clicked,

and stops when clicking on "stop".


When I click on the "start" it starts, but for some reason the app freezes. When I debug the prog I can see it is running but the main window stays frozen.


Please help.

How to stop unauthorized users from sending documents to a Records Center site?


I can't find a way to stop unauthorized users from sending documents to a Records Center site. Can someone please help me? Do I need to configure anything to restrict it to the members of the web submitters group?

I'm still using MOSS2007


The impossibility of doing things depends on your will to do it.

How do I get Decimal.Parse to stop taking current culture into account?

How do I get Decimal.Parse to stop taking current culture into account? I tried the following but I get an error saying “String was not recognized as a valid DateTime.”

Thread.CurrentThread.CurrentCulture = new CultureInfo("en-us");
Decimal.Parse("5000.000,51",CultureInfo.InvariantCulture)

How to stop blurring of barcode images

I have a custom DLL that has a function that takes a string and returns a raster image (PNG) of a Code 128 barcode. That works fine, no problem. The barcode rendered does *not* use a font, it physically renders rectangles with precise pixel widths to generate the barcode. This is necessary because the laser expects a discrete stop of a "bar" and beginning of a "space". -- Image properties->Size is set to "Original Size".

So I look at the report viewer, and I see barcodes. Cool. HOWEVER ... when I zoom in at about 400% I start to see blurring at the edges of the bars. It also prints this way. This is unacceptable.

So then, within report viewer, (this is the same report!) I export the report to PDF. No blurring, not at 500%, not at 2000%, not at any zoom level. In the PDF, there is a sharp, precise, quantum drop from black to white with *no* blurring whatsoever. One pixel is 0x000000 and the next is 0xFFFFFF. The PDF also prints this way. This is correct behavior.

I cannot have the user export the report to PDF before printing it. This is a production shop, and I can't have folks taking twice as long to do a task.

MY QUESTION: How do I instruct, how do I force SSRS to simply render the image as I have presented it and not tinker with it? This is a bit annoying. If my function returns a 200x50 image, SSRS may trust that that is what is t

System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlCli

I have created a windows library control that accesses a local sql database. I tried the following strings for connecting:

Dim connectionString As String = "Data Source=localhost\SQLEXPRESS;Initial Catalog=TimeSheet;Trusted_Connection = true"
Dim connectionString As String = "Data Source=localhost\SQLEXPRESS;Initial Catalog=TimeSheet;Integrated Security=SSPI"

I am not running the webpage in a virtual directory but in C:\Inetpub\wwwroot\usercontrol and I have a simple index.html that tries to read from an sql db but throws the error

System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.PermissionSet.Demand()
   at System.Data.Common.DbConnectionOptions.DemandPermission()
   at System.Data.SqlClient.SqlConnection.PermissionDemand()
   at System.Data.SqlClient.SqlConnectionFactory.PermissionDemand(DbConnection outerConnection)
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, etc etc

The action that failed was:
Demand
The type of the first permission that failed was:
System.Data.SqlClient.SqlClientPermission
The Zone of the assembly that fa

Injection attacks

How do we protect our site from SQL Injection attacks, among other security practices?

Notify, SQL server services stop

Is there any query to notify the user when the SQL server services are stopped? Thanks in advance.