Recent round of SQL injection attacks

This topic is closed.
  • Dave Anderson

    Recent round of SQL injection attacks

    We log hundreds of SQL injection attempts per day -- the type with
    CAST(0x44004500 ... AS VARCHAR(4000)). It amuses me that the last thing the
    attack does is DEALLOCATE its cursor. My SQL Server DBA tells me this makes
    no difference. So...

    Are these hackers cargo cultists? Or am I missing something?




    --
    Dave Anderson

    Unsolicited commercial email will be read at a cost of $500 per message. Use
    of this email address implies consent to these terms.


  • Bob Barrows [MVP]

    #2
    Re: Recent round of SQL injection attacks

    Dave Anderson wrote:
    > We log hundreds of SQL injection attempts per day -- the type with
    > CAST(0x44004500 ... AS VARCHAR(4000)). It amuses me that the last
    > thing the attack does is DEALLOCATE its cursor. My SQL Server DBA
    > tells me this makes no difference. So...
    >
    > Are these hackers cargo cultists? Or am I missing something?

    I think it used to be necessary, at least in SQL 6.5 ... I remember
    reading about all sorts of dire consequences if a cursor was not
    explicitly closed and deallocated.

    BOL has said since SQL7:
    A cursor variable does not have to be explicitly deallocated. The
    variable is implicitly deallocated when it goes out of scope.

    So I guess the cargo has landed on the hackers' island...

    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.

