Wednesday, March 3, 2010

How to Find & Stop SQL Injection Attacks from Happening

There’s a lot of stuff out there about SQL injection attacks, but there’s not much that will help you figure out how to stop these attacks from occurring.

First, let’s talk about what a SQL injection attack really is. Some people think it’s a virus of sorts that is “inside your site.” Not the case. These are bot attacks by other virus-infected computers. They simply use a brute-force approach of scanning URLs that take POST/GET inputs and attempt to send their own data to them.

So, how do you track these down and stop them? For web sites powered by Microsoft’s IIS, here are our suggestions:

1. Look at your IIS logs
Try searching for the word “DECLARE” or “EXECUTE.” If you’ve been hit by an attack, these will more than likely show up in your IIS logs, at least for any attack that was attempted using “GET” requests. If you do find any instances of “DECLARE” or “EXECUTE,” the pages they were sent to are the ones to start with.

2. Use centralized database connection handling
Simply make a centralized file (e.g. connection.asp if you are using ASP — see our free example) that handles all of your DB access. This way, it’s easier to make sure that you are SQL encoding your pages. You can easily search queries for “DECLARE” and “EXECUTE” and stop the attacks dead in their tracks.

3. Implement a site-wide solution
If you are running your own server, we highly recommend ISAPI_Rewrite from HeliconTech (http://www.helicontech.com/isapi_rewrite). This is an ISAPI filter that allows you to do a variety of things, including scanning URL data. This will stop 99% of attacks without changing ANY code on your site!
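The log search from step 1 can be scripted. The following is an added example, not code from the original post: it reads IIS W3C extended log text, URL-decodes each query string (which goes slightly beyond a plain text search, so encoded or mixed-case keywords are also caught), and counts the pages that received “DECLARE” or “EXECUTE.” The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# The two keywords the post suggests searching for. Word boundaries keep
# ordinary words such as "declared" or "executed" from matching.
KEYWORDS = re.compile(r"\b(DECLARE|EXECUTE)\b", re.IGNORECASE)

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-03-01 10:00:01 GET /products.asp id=42 192.0.2.10 200
2010-03-01 10:00:05 GET /products.asp id=42;DECLARE%20@S%20VARCHAR(4000) 198.51.100.7 500
2010-03-01 10:00:09 GET /news.asp item=7;dEcLaRe+@x+int;execute(@x) 198.51.100.7 200
2010-03-01 10:00:12 GET /about.asp - 192.0.2.11 200
2010-03-01 10:00:15 GET /search.asp q=%2564eclare 203.0.113.5 200
"""

def decode(value, rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded text is revealed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_pages(log_text):
    """Return a Counter mapping cs-uri-stem to the number of flagged requests."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        query = row.get("cs-uri-query", "-")   # "-" means no query string
        if query != "-" and KEYWORDS.search(decode(query)):
            hits[row.get("cs-uri-stem", "?")] += 1
    return hits

if __name__ == "__main__":
    for page, count in suspicious_pages(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {page}")
```

A hit is a lead for review rather than proof of compromise, and because IIS logs do not record POST bodies, pages that accept form input still need to be checked in code.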

Tuesday, March 2, 2010

SQL Server Management Studio Keyboard Shortcuts

SQL Server Management Studio offers users two keyboard schemes. By default, it uses the Standard scheme, with keyboard shortcuts based on Microsoft Visual Studio. A second scheme, called SQL Server 2000, closely resembles the tools from SQL Server 2000, in particular the keyboard shortcuts from the Query Analyzer. In a few cases, SQL Server Management Studio cannot offer the keyboard shortcuts from Query Analyzer. To change the keyboard scheme or add additional keyboard shortcuts, on the Tools menu, click Options. Select the desired keyboard scheme on the Environment, Keyboard page.

Menu Activation Keyboard Shortcuts

| Action | Standard | SQL Server 2000 |
|---|---|---|
| Move to the SQL Server Management Studio menu bar | ALT | ALT |
| Activate the menu for a tool component | ALT+HYPHEN | ALT+HYPHEN |
| Display the context menu | SHIFT+F10 | SHIFT+F10 |
| Display the New File dialog box to create a file | CTRL+N | No equivalent |
| Display the New Project dialog box to create a new project | CTRL+SHIFT+N | CTRL+SHIFT+N |
| Display the Open File dialog box to open an existing file | CTRL+O | CTRL+SHIFT+INS |
| Display the Open Project dialog box to open an existing project | CTRL+SHIFT+O | No equivalent |
| Display the Add New Item dialog box to add a new file to the current project | CTRL+SHIFT+A | No equivalent |
| Display the Add Existing Item dialog box to add an existing file to the current project | ALT+SHIFT+A | No equivalent |
| Display the Query Designer | CTRL+SHIFT+Q | CTRL+SHIFT+Q |
| Close a menu or dialog box, canceling the action | ESC | ESC |