How Can Sql Injection Be Stopped?

1.	How Can Sql Injection Be Stopped?
Answer» DevelopmentDBA: Validate the SQL commands that are being passed by the front END Validate the length and DATA TYPE per parameter Convert dynamic SQL to stored procedures with parameters Prevent any commands from executing with the combination of or all of the following commands: semi-colon, EXEC, CAST,SET, two dashes, apostrophe, etc. Based on your front end programming language determine what special CHARACTERS should be removed before any commands are passed to SQL Server Network Administration Prevent traffic from particular IP addresses or domains Review the firewall settings to determine if SQL Injection attacks can prevented Remove old web pages and directories that are no longer in use because these can be crawled and exploited DevelopmentDBA:

Answer»

DevelopmentDBA:

Validate the SQL commands that are being passed by the front END
Validate the length and DATA TYPE per parameter
Convert dynamic SQL to stored procedures with parameters
Prevent any commands from executing with the combination of or all of the following commands: semi-colon, EXEC, CAST,SET, two dashes, apostrophe, etc.
Based on your front end programming language determine what special CHARACTERS should be removed before any commands are passed to SQL Server
Network Administration
Prevent traffic from particular IP addresses or domains
Review the firewall settings to determine if SQL Injection attacks can prevented
Remove old web pages and directories that are no longer in use because these can be crawled and exploited

DevelopmentDBA:

Discussion