Rank: Member
Joined: 6/25/2008(UTC) Posts: 9
I've seen a number of MS SQL injection attacks (on another ecommerce product's sites) lately.
Is BVC 5 safe from SQL injection as it comes out of the box?
How about BVC 2004?
I realize any DB forms a web developer adds need to check for punctuation to stop SQL commands from getting through. But what about as the application comes out of the box?
Thanks,
Kathy Kolb
Kolb Net Works
Rank: Member
Joined: 11/5/2003(UTC) Posts: 2,136
Was thanked: 1 time(s) in 1 post(s)
The data layer in both BVC2004 and BVC5 uses parameterized commands for everything. That is generally considered sufficient to prevent SQL injection (you cannot inject a SQL statement within a parameter).
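Added example, not part of either post and not BV Commerce code: the difference between checking input for punctuation and binding it as a parameter, shown with Python's `sqlite3` as a stand-in for MS SQL. The table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, last_name TEXT)")
    db.executemany("INSERT INTO customers (last_name) VALUES (?)",
                   [("Smith",), ("O'Brien",), ("Kolb",)])
    return db

def find_concatenated(db, last_name):
    """Anti-pattern: the input is spliced into the SQL text itself."""
    sql = "SELECT last_name FROM customers WHERE last_name = '" + last_name + "'"
    return [row[0] for row in db.execute(sql)]

def find_parameterized(db, last_name):
    """The input is bound as a value and never becomes part of the SQL text."""
    sql = "SELECT last_name FROM customers WHERE last_name = ?"
    return [row[0] for row in db.execute(sql, (last_name,))]

def strip_punctuation(value):
    """The 'check for punctuation' approach: keep letters, digits and spaces."""
    return "".join(ch for ch in value if ch.isalnum() or ch == " ")

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input carrying a quote character

    # Concatenation: the quote ends the string literal, the rest runs as SQL.
    print("concatenated, hostile input :", find_concatenated(db, hostile))
    # Parameter: the whole string is compared as a name, so nothing matches.
    print("parameterized, hostile input:", find_parameterized(db, hostile))

    # A legitimate name with an apostrophe works unchanged when bound.
    print("parameterized, O'Brien      :", find_parameterized(db, "O'Brien"))
    # Filtering punctuation alters the name, so the real customer is not found.
    filtered = strip_punctuation("O'Brien")
    print("filtered value              :", filtered,
          "->", find_parameterized(db, filtered))
    # Concatenating the same legitimate name produces invalid SQL.
    try:
        find_concatenated(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenated, O'Brien       : error:", exc)
```

With a bound parameter the apostrophe needs no special handling, which is why the data layer does not have to filter punctuation to stay safe.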