Martin Poon - Microsoft MVP blog [SQL Server]
SQL Server... & more
Browse by Tags
All Tags
»
Security
(
RSS
)
Oracle
SQL Server
T-SQL
Lateral SQL injection in Oracle
David Litchfield has just released a paper, showing that it is possible to do SQL injection using DATE or even NUMBER data types to exploit a PL/SQL procedure in Oracle RDBMS! The attacker can exploit a PL/SQL procedure that doesn't even take user...
Enabling xp_cmdshell in SQL Server 2005
xp_cmdshell is used to spawn a Windows command shell and executes a command line process by the operating system. In order to minimize the security risk of executing malicious code outside SQL Server 2005, xp_cmdshell is disabled by default, and the following...
SQL Server service pack installation may save the system administrator password in a file for SQL Server 7.0 and SQL Server 2000
During the installation of SQL Server products and service packs, the password(s) of system administrator (sa) and/or SQL Server Sevices domain account may be stored as clear text or weakly encrypted readable format in the SQL Server Setup files and/or...
Search
Go
This Blog
Home
Tags
.NET
2008
beta
download
Excel
Expression
MSDN
Office
PowerPoint
Project
Security
Service Pack
SharePoint
SQL Server
TFS
T-SQL
Visio
Vista
Visual Studio
VS2005
VSTO
VSTS
Windows Presentation Foundation
Word
WPF
Community
Home
Blogs
Media
Groups
Archives
August 2008 (1)
July 2008 (1)
May 2008 (3)
April 2008 (2)
March 2008 (3)
February 2008 (1)
January 2008 (2)
December 2007 (1)
November 2007 (1)
October 2007 (3)
July 2007 (2)
June 2007 (4)
May 2007 (4)
March 2007 (1)
February 2007 (4)
January 2007 (1)
December 2006 (4)
November 2006 (6)
October 2006 (3)
September 2006 (5)
Syndication
RSS for Posts
Atom
RSS for Comments
Email Notifications
Go