Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
greginva
Starting Member
1 Post |
 Posted - 2012-08-02 : 13:01:31
|
| I have ms sql server 2008, and I have been having some recent sql injection attacks.I am working to secure this on the interface side, but I wanted to see if I can make a trigger on several tables, or on the whole database in general. I would like to parse incoming updates/ inserts and check for certain text, ie and block it. If the text was found then do a cancel or rollback.Would this have to be table specific, or can it be a general over all db setting?Any insite or samples would be great, as I have never written triggers. |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2012-08-02 : 13:17:12
|
| why not check your param values and make sure they dont cause any injection attacks inside procs. I dont think so writing trigger for this is good idea.------------------------------------------------------------------------------------------------------SQL Server MVPhttp://visakhm.blogspot.com/ |
 |
|
|
|
|
|
Trigger to check data on insert and on update