 |
|
SQL Server Tips by Burleson |
Ideas to prevent script injection
The best way to avoid this security issue is to use XP_DISKLOG to
log into a text file, instead of running XP_CMDSHELL. Checking the
length of the input will prevent attacks that take advantage of
truncating the input. Filtering invalid characters will help by not
allowing certain keywords as part of the input and if such incidents
are recorded it will also work as a forensic tool.
Buffer overflows
This section describes the buffer overflow exploit, how to use the
debugger in detail and how to look for security issues in the code.
The most common hacking attack or, at least, the most heard of is
the buffer overflow.
There are other techniques: heap overflow, integer overflow, format
string exploitation, etc but they are not as "famous".
Poor programming and even poorer testing cause a buffer overflow.
The flaw on the code is just sitting there, waiting for a hacker to
exploit it. The code will fail to prevent data input from exceeding
the allocated buffer size and leaking into the adjacent memory. If
effectively exploited it should run arbitrary code sent with the
data input.
xp_buffov
This XP has one call to function “test” which has one local variable
with a fixed length (ten bytes) and there is some limited protection
by rejecting input data over twenty bytes of length. However, the
buffer in the function is only ten bytes long and it will suffer a
buffer overflow.
The above book excerpt is from:
Super SQL
Server Systems
Turbocharge Database Performance with C++ External Procedures
ISBN:
0-9761573-2-2
Joseph Gama, P. J. Naughter
http://www.rampant-books.com/book_2005_2_sql_server_external_procedures.htm |
