Recent round of SQL injection attacks

D

Dave Anderson

We log hundreds of SQL injection attempts per day -- the type with
CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last thing the
attack does is DEALLOCATE its cursor. My SQL Server DBA tells me this makes
no difference. So...

Are these hackers cargo cultists? Or am I missing something?
 
B

Bob Barrows [MVP]

Dave said:
We log hundreds of SQL injection attempts per day -- the type with
CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last
thing the attack does is DEALLOCATE its cursor. My SQL Server DBA
tells me this makes no difference. So...

Are these hackers cargo cultists? Or am I missing something?
Click to expand...
I think it used to be necessary, at least in SQL 6.5 ... I remember
reading about all sorts of dire consequences if a cursor was not
explicitly closed and deallocated.

BOL has said since SQL7:
A cursor variable does not have to be explicitly deallocated. The
variable is implicitly deallocated when it goes out of scope.

So I guess the cargo has landed on the hackers' island...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

In the Matter of Herb Schildt: a Detailed Analysis of "C: TheComplete Nonsense" 109
comp.lang.c FAQ list Table of Contents 0
comp.lang.c FAQ list Table of Contents 0
MSDN Webcasts Presents: ASP.NET Webcast Week - January 19 - 23, 2004 0
comp.lang.vhdl FAQ part 1 of 4: general 0
comp.lang.c FAQ list Table of Contents 0
comp.lang.c Answers to Frequently Asked Questions (FAQ List) 15
comp.lang.vhdl FAQ part 3 of 4: products & services 0

Members online

Total: 62 (members: 1, guests: 61)
Robots: 414

Forum statistics

Threads
473,969
Messages
2,570,161
Members
46,705
Latest member
Stefkari24

Latest Threads

Top