thoughts for the day...
A couple of days ago, a russian hacker tried to use a sql injection attack against one of the sites that I support. The attack was really pretty simple--a script tagged on to the querystring of one of the pages. The intent of the script was to update every column in every table with a bit of javascript that would redirect a viewing user to a web site hosting a virus.
We've been hearing about SQL Injection for several years now, and I'm glad that my security measures stood up to this attack. It's sobering that there are people out there who initiate this kind of vandalism.
On a slightly different front, I've found that two web sites that use sql express and user instances and have mdf files with the same name seem to conflict. The conflict causes the sql servers to hang indefinitely until restarted. Changing the names of the mdf files so that they are different seems to fix the problem.
I've found this useful blog that covers some SQL Express hosting issues:
http://blogs.msdn.com/sqlexpress/archive/2008/02/22/sql-server-express-and-hosting.aspx
A couple of days ago, a russian hacker tried to use a sql injection attack against one of the sites that I support. The attack was really pretty simple--a script tagged on to the querystring of one of the pages. The intent of the script was to update every column in every table with a bit of javascript that would redirect a viewing user to a web site hosting a virus.
We've been hearing about SQL Injection for several years now, and I'm glad that my security measures stood up to this attack. It's sobering that there are people out there who initiate this kind of vandalism.
On a slightly different front, I've found that two web sites that use sql express and user instances and have mdf files with the same name seem to conflict. The conflict causes the sql servers to hang indefinitely until restarted. Changing the names of the mdf files so that they are different seems to fix the problem.
I've found this useful blog that covers some SQL Express hosting issues:
http://blogs.msdn.com/sqlexpress/archive/2008/02/22/sql-server-express-and-hosting.aspx
0 Comments:
Post a Comment
<< Home