[转载] – SQL Injection Attacks and Some Tips on How to Prevent Them

2008-10-17 作者:夏洪英
         
  • Encrypt sensitive data.
  • Access the database using an account with the least privileges necessary.
  • Install the database using an account with the least privileges necessary.
  • Ensure that data is valid.
  • Do a code review to check for the possibility of second-order attacks.
  • Use parameterised queries.
  • Use stored procedures.
  • Re-validate data in stored procedures.
  • Ensure that error messages give nothing away about the internal architecture of the application or the database.

     

    About the Author

    Colin Angus Mackay

    • 分类 :  .net相关
    标签 : 

    本文链接地址:https://blog.xsummer.cn/%5b%e8%bd%ac%e8%bd%bd%5d%20-%20sql%20injection%20attacks%20and%20some%20tips%20on%20how%20to%20prevent%20them/