Using SQL Injection to Bypass Security Controls
To demonstrate some of the security issues, Joel Helgeson of Appiant.net has posted a video that shows how he used SQL injection to bypass security controls on a college Web site. In this video he demonstrates how easy this type of attack can be. If you are a Web developer, this is a good reminder for you to test your Web applications thoroughly for security issues.
The video is available on appiant.net’s Web site.
Exploit Video (WMV format – 7.8MB – 3:25 min)
Exploit Fixed (WMV format – 764KB – 37 secs)
Check out this video from Microsoft on SQL Security. It looks at the security architecture of SQL server 2000 and introduces the SQL Server 2005 Security model. It also shows you how to lock down SQL server implementations.