8 Replies - 1061 Views - Last Post: 24 February 2012 - 03:46 PM

#1 maecy

  • New D.I.C Head

Reputation: 0
  • Posts: 6
  • Joined: 19-February 12

How to secure sql database?

Posted 21 February 2012 - 05:50 PM

I am using a SQL database for my thesis. I want to make sure that it will not be susceptible to SQL injection. Thank you so much. :bigsmile:

Replies To: How to secure sql database?

#2 modi123_1

  • Suitor #2

Reputation: 9080
  • Posts: 34,127
  • Joined: 12-June 08

Re: How to secure sql database?

Posted 21 February 2012 - 06:35 PM

You should be able to take care of that with your input... sanitize it!

#3 maecy

  • New D.I.C Head

Reputation: 0
  • Posts: 6
  • Joined: 19-February 12

Re: How to secure sql database?

Posted 21 February 2012 - 06:44 PM

Thanks for the response. Can you give me some examples of secure coding for a SQL database?

#4 modi123_1

  • Suitor #2

Reputation: 9080
  • Posts: 34,127
  • Joined: 12-June 08

Re: How to secure sql database?

Posted 21 February 2012 - 06:46 PM

That would be hard since I have no idea how you are inputting data into your database.

#5 maecy

  • New D.I.C Head

Reputation: 0
  • Posts: 6
  • Joined: 19-February 12

Re: How to secure sql database?

Posted 21 February 2012 - 06:56 PM

private void btnAdd_Click(object sender, EventArgs e)
{
    int i = Convert.ToInt32(textBox1.Text.ToString());
    string d = Convert.ToString(textBox2.Text);

    sql = "insert into item values (" + i + ", '" + d + "')";
    db.change(sql);
    MessageBox.Show("New Record Added");
    loadData();
}

This is a sample of how we add data, but is there any possible way to make it more secure?

#6 Curtis Rutland

  • (╯□)╯︵ (~ .o.)~

Reputation: 4463
  • Posts: 7,777
  • Joined: 08-June 10

Re: How to secure sql database?

Posted 21 February 2012 - 07:42 PM

Well, you'll have to edit your "change" method, because to do this correctly, you need to use SqlCommand with Parameters.

Here's a great example:

http://msdn.microsof...dwithvalue.aspx
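The change suggested in post #6, as an added example that is not code from any poster in this thread: the insert from post #5 rewritten so that user input travels as SqlCommand parameters instead of being concatenated into the SQL string. The ItemStore class, its method names, the placeholder connection string and the nvarchar type for the second column are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class ItemStore   // hypothetical helper class, not from the thread
{
    // Assumption: placeholder connection string; substitute your own.
    private const string ConnectionString =
        "Data Source=YOUR_SERVER;Initial Catalog=YOUR_DB;Integrated Security=True";

    // Stand-in for the poster's db.change(sql): the SQL text stays constant and
    // every user-supplied value is attached as a SqlParameter.
    public static int Change(string sql, params SqlParameter[] parameters)
    {
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddRange(parameters);
            conn.Open();
            return cmd.ExecuteNonQuery();   // number of rows affected
        }
    }

    // Returns false when the id text is not a whole number, instead of letting
    // Convert.ToInt32 throw on bad input.
    public static bool TryAddItem(string idText, string description)
    {
        int id;
        if (!int.TryParse(idText, out id))
            return false;

        // Same statement as post #5, with placeholders where the concatenated
        // values used to be.
        const string sql = "insert into item values (@id, @description)";

        // Assumption: the second column is nvarchar. A description containing
        // an apostrophe (for example O'Brien) breaks the concatenated version
        // but is stored verbatim here, because the server receives it as data
        // and never parses it as SQL.
        Change(sql,
            new SqlParameter("@id", SqlDbType.Int) { Value = id },
            new SqlParameter("@description", SqlDbType.NVarChar)
                { Value = description ?? string.Empty });
        return true;
    }
}
```

In btnAdd_Click, call ItemStore.TryAddItem(textBox1.Text, textBox2.Text) and show an error message when it returns false.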

#7 scolty

  • D.I.C Regular

Reputation: 3
  • Posts: 259
  • Joined: 27-April 11

Re: How to secure sql database?

Posted 23 February 2012 - 03:08 PM

You could also look into stored procedures. I tried to create them in VS but I couldn't get it to work. You can create them in SQL Server and then call them and pass the necessary parameters as well.

Vid

Good luck

#8 Curtis Rutland

  • (╯□)╯︵ (~ .o.)~

Reputation: 4463
  • Posts: 7,777
  • Joined: 08-June 10

Re: How to secure sql database?

Posted 23 February 2012 - 03:57 PM

Stored procedures can still be manipulated if their inputs aren't sanitized (it's just harder). Always use parameters, no matter what.

#9 Curtis Rutland

  • (╯□)╯︵ (~ .o.)~

Reputation: 4463
  • Posts: 7,777
  • Joined: 08-June 10

Re: How to secure sql database?

Posted 24 February 2012 - 03:46 PM

Wrote a tutorial on the topic of parameterizing queries, since it always comes up:

http://www.dreaminco...ery-a-database/