Tag Archives: security

T-SQL Tuesday #63 – Security

Posted on February 10, 2015 by way0utwest

It’s T-SQL Tuesday time again and this month we look at security. Kenneth Fisher has chosen this as his topic for February and you can read his invite here. There are lots of choices on what you write about, and … Continue reading

Posted in Blog | Tagged , , | 3 Comments

It’s a Problem When a SysAdmin Can’t Log In

Posted on January 12, 2015 by way0utwest

I showcased a demo recently that looked at a potential issue with an application where a user used a simple update statement to gain privileged access to a system. That’s scary, and it’s a potential issue for many applications that … Continue reading

Posted in Blog | Tagged , | Comments Off on It’s a Problem When a SysAdmin Can’t Log In

Beware of Login Issues for Privileged Accounts

Posted on January 5, 2015 by way0utwest

In a recent post, I described an attack against a privileged account using a simple SQL Injection technique of updating data in a table. One of the things showed was an administrator using their user and password credentials, but being … Continue reading

Posted in Blog | Tagged , , | Comments Off on Beware of Login Issues for Privileged Accounts

SQL Injection Issues–Password Hashing

Posted on December 4, 2014 by way0utwest

I’ve got a demo for one of my talks that really highlights some issues we have with SQL Injection. It’s part of my encryption talk, and it goes like this. NOTE: I am showing a simple example here, not one … Continue reading

Posted in Blog | Tagged , , | 5 Comments