Last month I told you about how Denny Cherry’s new book, Securing SQL Server had been released into the wild. Today I am here to tell you that I have added his book to my library.
I still remember the feeling I had when I was reviewing the book, the feeling that Denny knows enough about security that he is essentially an evil genius. Well, at least more evil than I am, as he was mentioning many different surface areas for attack that I had never considered. Either he has experience patching such holes, or exploiting them. I really don’t know which, but his experience shows.
One item he does mention should be familiar to most of you, and that is SQL injection. After reviewing the section I started to wonder if I could send out a tweet as an example:
SELECT cast(0x446F206E6F742072756E20636F646520796F752066696E6420696E2061205477656574 as varchar(max))
And I am always surprised when people take that code and run it (hopefully not against a production system).
Do yourself a favor and go buy a copy of the book today.
Could have been worse… You could have asked folks to run this dangerous piece of code –
select CAST(0x6E6576657220676F6E6E61206769766520796F75207570202D206E6576657220676F6E6E61206C657420796F7520646F776E202D206E6576657220676F6E6E612072756E2061726F756E6420616E642064657365727420796F752E2E2E as varchar(max))
Wow, that’s amazing! I wonder how many more people will be amazed at what that piece of code does…
But could code like that ever do something bad? It is just a SELECT statement that returns an encoded string.
Michael,
Exactly like what I did? Not that I know of. But if you pick up a copy of the book you will find a few examples of SQL injection that involved binary attacks. It really depends on how people have coded their applications.
Eeesh. Couldn’t you just use a stored procedure to validate any user?
Claire,
Could you? Absolutely!
Now…how many people actually know what they are doing…
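As an added example, not part of the post or the comments above, the following Python shows the two checks the discussion comes down to: decoding a CAST(0x… AS varchar) literal offline so you can see what a tweeted statement actually contains before running it, and the difference between a user lookup built by string concatenation and one that binds the value as a parameter. It assumes sqlite3 as an in-memory stand-in for SQL Server, a constructed users table, and the first tweet's hex literal as sample input.

```python
import re
import sqlite3

# The tweet from the post, copied here as sample input.
TWEET_SQL = ("SELECT cast(0x446F206E6F742072756E20636F646520796F752066696E6420696E2061205477656574"
             " as varchar(max))")

HEX_LITERAL = re.compile(r"0x([0-9A-Fa-f]+)")


def decode_hex_literals(sql: str) -> list[str]:
    """Reveal the text hidden in every 0x... literal without running the statement.

    A CAST(0x... AS varchar) hides its payload from a casual reader; decoding it
    offline is the check to do before pasting anything from a tweet into a query window.
    """
    return [bytes.fromhex(m.group(1)).decode("latin-1") for m in HEX_LITERAL.finditer(sql)]


def make_db() -> sqlite3.Connection:
    """In-memory users table (constructed sample data; sqlite3 stands in for SQL Server)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",), ("denny",)])
    return conn


def lookup_user_unsafe(conn: sqlite3.Connection, username: str) -> list[int]:
    """Dynamic SQL by string concatenation: the input becomes part of the statement."""
    sql = "SELECT id FROM users WHERE name = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list[int]:
    """Parameterized query: the input is only ever bound as a value, never parsed as SQL."""
    return [row[0] for row in conn.execute("SELECT id FROM users WHERE name = ?", (username,))]


if __name__ == "__main__":
    print(decode_hex_literals(TWEET_SQL))  # ['Do not run code you find in a Tweet']
    conn = make_db()
    hostile = "x' OR '1'='1"  # the textbook tautology input used to show the difference
    print(lookup_user_unsafe(conn, "alice"), lookup_user_unsafe(conn, hostile))  # [1] [1, 2, 3]
    print(lookup_user_safe(conn, "alice"), lookup_user_safe(conn, hostile))  # [1] []
```

The same parameter binding is what a stored procedure with typed parameters gives you on SQL Server, as long as the procedure itself does not rebuild dynamic SQL from its arguments.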