Comments on: How Microsoft UK got hacked and how you can learn from their mistakes http://jesscoburn.com/archives/2007/08/01/how-microsoft-uk-got-hacked-and-how-you-can-learn-from-their-mistakes/ Windows Web Hosting, Web Technologies, etc Thu, 09 Feb 2012 13:10:30 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: (bs.) http://jesscoburn.com/archives/2007/08/01/how-microsoft-uk-got-hacked-and-how-you-can-learn-from-their-mistakes/comment-page-1/#comment-3101 (bs.) Sat, 04 Aug 2007 14:12:59 +0000 http://jesscoburn.com/archives/2007/08/01/how-microsoft-uk-got-hacked-and-how-you-can-learn-from-their-mistakes/#comment-3101 Great post, Jess. Thanks! I haven't used inline SQL since .net 1.1 - Stored procs are always the way to go. But with .net 2.0, you can use inline queries against your datastore in an ObjectDataSource. Does this compromise security and leave one open to SQL Injection. My initial thought would be yes, because you're not calling a stored procedure, but then I doubt, thinking that Microsoft has to have accounted for that. Perhaps I'm missing something, I'm only 6 months into the 2.0 framework and 3.5 is already ramping up and deploying... Can't ever stay on top of technology. Not sanely, at least. Goodday, Jess! (bs.) Great post, Jess. Thanks!

I haven't used inline SQL since .net 1.1 – Stored procs are always the way to go. But with .net 2.0, you can use inline queries against your datastore in an ObjectDataSource. Does this compromise security and leave one open to SQL Injection. My initial thought would be yes, because you're not calling a stored procedure, but then I doubt, thinking that Microsoft has to have accounted for that.

Perhaps I'm missing something, I'm only 6 months into the 2.0 framework and 3.5 is already ramping up and deploying… Can't ever stay on top of technology. Not sanely, at least.

Goodday, Jess!

(bs.)

]]>