469,950 Members | 2,061 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,950 developers. It's quick & easy.

Recent round of SQL injection attacks

We log hundreds of SQL injection attempts per day -- the type with
CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last thing the
attack does is DEALLOCATE its cursor. My SQL Server DBA tells me this makes
no difference. So...

Are these hackers cargo cultists? Or am I missing something?


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.
Jul 2 '08 #1
1 1531
Dave Anderson wrote:
We log hundreds of SQL injection attempts per day -- the type with
CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last
thing the attack does is DEALLOCATE its cursor. My SQL Server DBA
tells me this makes no difference. So...

Are these hackers cargo cultists? Or am I missing something?

I think it used to be necessary, at least in SQL 6.5 ... I remember
reading about all sorts of dire consequences if a cursor was not
explicitly closed and deallocated.

BOL has said since SQL7:
A cursor variable does not have to be explicitly deallocated. The
variable is implicitly deallocated when it goes out of scope.

So I guess the cargo has landed on the hackers' island...

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 2 '08 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Martin Lucas-Smith | last post: by
2 posts views Thread by freddy | last post: by
4 posts views Thread by poppy | last post: by
5 posts views Thread by TCORDON | last post: by
5 posts views Thread by www.douglassdavis.com | last post: by
29 posts views Thread by sinbuzz | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.