Comments for Musings on Database Security http://www.slaviks-blog.com Slavik's Blog Sat, 05 Jul 2008 08:54:44 +0000 http://wordpress.org/?v=2.5.1 Comment on Mass SQL Injection attack is still out there by Slavik http://www.slaviks-blog.com/2008/06/20/mass-sql-injection-attack-is-still-out-there/#comment-1546 Slavik Thu, 26 Jun 2008 09:09:53 +0000 http://www.slaviks-blog.com/?p=57#comment-1546 @Qwaider - The attacks are automated coming from a zombie botnet so they will keep trying to hit your site even if you are not vulnerable. Thanks for the suggestion about ';'. Actually, the last replace will replace ';' with ','. @Qwaider - The attacks are automated coming from a zombie botnet so they will keep trying to hit your site even if you are not vulnerable. Thanks for the suggestion about ‘;’. Actually, the last replace will replace ‘;’ with ‘,’.

]]> Comment on Mass SQL Injection attack is still out there by Luary http://www.slaviks-blog.com/2008/06/20/mass-sql-injection-attack-is-still-out-there/#comment-1530 Luary Thu, 26 Jun 2008 01:07:57 +0000 http://www.slaviks-blog.com/?p=57#comment-1530 The regular expression did not work in my case. I ended up doing a Split(stringtoscan, ";")(0) and with that result replaced "'" with "''", removing "@" as well as removing SQL key words such as DROP, EXECUTE, UPDATE, etc. The regular expression did not work in my case. I ended up doing a Split(stringtoscan, “;”)(0) and with that result replaced “‘” with “””, removing “@” as well as removing SQL key words such as DROP, EXECUTE, UPDATE, etc.

]]> Comment on Mass SQL Injection attack is still out there by Qwaider http://www.slaviks-blog.com/2008/06/20/mass-sql-injection-attack-is-still-out-there/#comment-1461 Qwaider Tue, 24 Jun 2008 19:52:40 +0000 http://www.slaviks-blog.com/?p=57#comment-1461 I'm facing the very same attack, and I'm monitoring it very closely. I wish I could figure out what these people want. I mean, it's obvious that I've got everything parametrized and they will not get through. But this doesnt stop them from trying as I can see it. Quick suggestion on your function above. Unless the querystring has a use for ";", you might want to check for that in specific simply because someone might have ";drop" or something else that could be harmful Just my 2c I’m facing the very same attack, and I’m monitoring it very closely. I wish I could figure out what these people want. I mean, it’s obvious that I’ve got everything parametrized and they will not get through. But this doesnt stop them from trying as I can see it.

Quick suggestion on your function above. Unless the querystring has a use for “;”, you might want to check for that in specific simply because someone might have “;drop” or something else that could be harmful

Just my 2c

]]> Comment on Mass SQL Injection attack is still out there by DBA http://www.slaviks-blog.com/2008/06/20/mass-sql-injection-attack-is-still-out-there/#comment-1458 DBA Tue, 24 Jun 2008 19:19:27 +0000 http://www.slaviks-blog.com/?p=57#comment-1458 THANK YOU VERY MUCH FOR THIS FIX. THANK YOU VERY MUCH FOR THIS FIX.

]]> Comment on So, you think you’ve removed that sensitive data by So, you think you’ve removed that sensitive data (part II) » Musings on Database Security http://www.slaviks-blog.com/2008/05/26/so-you-think-youve-removed-that-sensitive-data/#comment-1163 So, you think you’ve removed that sensitive data (part II) » Musings on Database Security Tue, 03 Jun 2008 00:55:32 +0000 http://www.slaviks-blog.com/?p=54#comment-1163 [...] I wrote in a previous post, truncating tables or scrambling content might not remove the actual data from the datafiles. The [...] [...] I wrote in a previous post, truncating tables or scrambling content might not remove the actual data from the datafiles. The [...]

]]> Comment on So, you think you’ve removed that sensitive data by Paul Vallee http://www.slaviks-blog.com/2008/05/26/so-you-think-youve-removed-that-sensitive-data/#comment-1161 Paul Vallee Sat, 31 May 2008 10:37:43 +0000 http://www.slaviks-blog.com/?p=54#comment-1161 Hi Slavik, You could take a look at a company called Plato Systems. They make a special purpose software suite especially designed for the use case you describe, called "camouflage". You can find out more about them at <a href="http://www.datamasking.com/" rel="nofollow">http://www.datamasking.com</a>. HTH Paul Hi Slavik,

You could take a look at a company called Plato Systems. They make a special purpose software suite especially designed for the use case you describe, called “camouflage”. You can find out more about them at http://www.datamasking.com.

HTH

Paul

]]>