Home > Ask the SQL Server Experts > Steven Andres - Security Questions & Answers > Protect against SQL Injection by whitelisting
Ask The SQL Server Expert: Questions & Answers
EMAIL THIS

Protect against SQL Injection by whitelisting

Steven Andres EXPERT RESPONSE FROM: Steven Andres

Pose a Question
Other SQL Server Categories
Meet all SQL Server Experts
Become an Expert for this site


Expert advice on database administration
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 23 March 2007
OK, admittedly the best practice for guarding against SQL Injection attacks is to white-list acceptable characters. However, given that knowledge is power, is there a comprehensive list of special characters (such as the single-quote or double-hyphen) available for SQL Server? I have done a ton of searches and can't seem to find one (I did find the reserved words).


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Steven Andres - Security
Creating a SQL Server user authentication schema
Could a join of encrypted SQL Server data have a problem?
SQL Server connection lost when SA password is changed
How to set SQL Server password for SA login
Creating a login in SQL Server 2000 Enterprise Manager
Code to connect SQL Server 7.0 to Visual Basic 6.0
Set SQL Server password on database in version 7.0
Solve SQL Server permissions and authentication problems
Create username and password for new SQL Server database
Recover password in SQL Server 2000

SQL Server security
Implementing security audit in SQL Server 2008
Tutorial: Learn SQL Server basics from A-Z
New security features in SQL Server 2008 leave some work for you
Can I encrypt and restore a database backup in SQL Server 2005?
FAQ: How to troubleshoot and grant SQL Server permissions
Secure SQL Server from SQL injection attacks
How insiders hack SQL databases with free tools and a little luck
Sarbanes-Oxley compliance checklist: IT security and SQL audits
SQL Server source code analysis and management adds database security
Ten common SQL Server security vulnerabilities you may be overlooking

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
data corruption  (SearchSQLServer.com)
data hiding  (SearchSQLServer.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



SQL Solutions - SQL Database Design
HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersIT Downloads
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2005 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts