select * from blabla where id=12323 ;shutdown

Hannes Preishuber (whom I met at the summit; hi, Hannes!) learns something very scary about T-SQL.

Here are some great reasons to protect yourself from SQL injection through measures like input validation (Hannes points out that a typical search for quote characters won't help in this case, since the statement above contains none), using stored procedures, and using least-privileged accounts for your web database. With a privileged connection, the injected text after the semicolon can run any of these:

Shutdown – shuts down SQL Server

Revoke – revokes user permissions

Grant – gives yourself any permission you want

Drop Table/Index/Rule/Procedure etc.

Drop Database – ouch!
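As an added illustration (my own sketch, not code from Hannes's post), the Python snippet below puts the string-built query from the top of the post beside a quote-only filter, which passes the payload untouched, and beside the fixed form: an allow-list check on the id plus a parameterized query. The table, row and in-memory SQLite database are constructed for the demo; the statement shape is the one from the post.

```python
import re
import sqlite3

# The statement from the post contains no quote character at all.
PAYLOAD = "12323 ;shutdown"


def naive_quote_filter(user_input: str) -> bool:
    """The check Hannes warns about: only rejects input that carries a quote.
    Returns True when the input is allowed through."""
    return "'" not in user_input and '"' not in user_input


def vulnerable_query(user_input: str) -> str:
    """String concatenation: whatever the user typed becomes part of the SQL text,
    so a trailing ';shutdown' rides along as a second statement."""
    return f"select * from blabla where id={user_input}"


def strict_id_validation(user_input: str) -> bool:
    """Allow-list validation: an id is digits only, nothing else is accepted."""
    return re.fullmatch(r"[0-9]{1,10}", user_input) is not None


def safe_lookup(conn: sqlite3.Connection, user_input: str) -> list:
    """Validate first, then bind the value as a parameter so the driver never
    treats it as SQL text (constructed table name 'blabla' from the post)."""
    if not strict_id_validation(user_input):
        raise ValueError("rejected: id must be numeric")
    return conn.execute(
        "select * from blabla where id=?", (int(user_input),)
    ).fetchall()


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory database with one row for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table blabla (id integer primary key, name text)")
    conn.execute("insert into blabla values (12323, 'constructed row')")
    return conn


if __name__ == "__main__":
    print("quote filter passes payload:", naive_quote_filter(PAYLOAD))
    print("concatenated SQL:", vulnerable_query(PAYLOAD))
    print("strict validation accepts payload:", strict_id_validation(PAYLOAD))
    print("safe lookup:", safe_lookup(demo_db(), "12323"))
```

Run it and the first line shows the quote filter letting the payload through, while the strict check rejects it before any SQL is built.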
