Đang chuẩn bị liên kết để tải về tài liệu:
Seven Deadliest Microsoft Attacks phần 5

SQL từ viết tắt thực sự là viết tắt của Structured Query Language, là ngôn ngữ lập trình tiêu chuẩn sử dụng để truy cập và thao tác cơ sở dữ liệu. Ví dụ, từ một quan điểm bảo mật, bạn có thể đã nghe nói "SQL Injection" A như một hình thức của cuộc tấn công chống lại cơ sở dữ liệu SQL. Bởi vì tên SQL Server, | CHAPTER SQL Server - Stored Procedure Attacks 3 INFORMATION IN THIS CHAPTER How Stored Procedure Attacks Work Dangers Associated with a Stored Procedure Attack The Future of Stored Procedure Attacks Defense against Stored Procedure Attacks The acronym SQL actually stands for Structured Query Language which is the standard programming language utilized to access and manipulate databases. For example from a security perspective you probably have heard of SQL Injection A as a form of attack against SQL databases. Because of the name SQL Server you may think that this is a Microsoft-specific vulnerability however the SQL in SQL Injection is actually referring to the language rather than Microsoft s product. This makes it a valid attack against all databases that allow SQL queries rather than a vulnerability specific to the Microsoft product. Microsoft s SQL Server application has been around for a long time and has become more secure with each new release. Although SQL Server has had many versions there are really only five versions that you may run into today these are versions 6.5 7.0 2000 2005 and 2008. As you would expect each version has its own quirks which include both features to use and vulnerabilities that can be exploited. In all cases the Microsoft developers have included the ability to leverage reusable code to perform functions through the use of procedures stored within the database application itself. In the SQL Server world these pieces of reusable code are known as stored procedures. Stored procedures are a series of SQL statements that perform predefined tasks. This programming style is based on creating programming code to perform some specific task or function and storing it for use by your programs. This saves the aSQL Injection is discussed in detail in Mike Shema s Seven Deadliest Web Application Attacks Syngress ISBN 978-1-59749-543-1 and Clarke s SQL Injection Attacks and Defense Syngress ISBN 978-1-59749-424-3 as well as in conjunction with