majjjj
Sunday 13 Mordad 1392, 12:24 PM
It isn't true to say that SQL injection in stored procedures has no effect in SQL Server, however—if an attacker can inject SQL into a stored procedure, he can directly modify the system catalog—but only if he already had permissions that would enable him to do so. The additional risk posed by this is slight, since the attacker would already have to be an administrator in order to take advantage of any SQL injection flaw in this way—and if he is a database administrator, there are many other, far more serious things he can do to the system.
This paragraph is taken from the book The Database Ha*cke*r's.