mohsenMJ-8783 asked pituach commented

How to secure my Microsoft SQL Server?

Hello,
On a web server that uses Microsoft IIS and SQL Server, how can I protect my website from SQL injection attacks? Which rules are useful to add to Microsoft IIS?


Thank you.

sql-server-general

Hi @mohsenMJ-8783, we have not received a reply from you. Could the answers below help you? If yes, please click "Accept Answer". Doing so will benefit community members who have a similar issue. Your contribution is highly appreciated. Thank you!

TomPhillips-1744 answered

OlafHelper-2800 answered pituach commented

from the SQL Injection attacks?

First, never use dynamically generated SQL statements together with user input; always use parameterized queries.

https://en.wikipedia.org/wiki/SQL_injection


I am currently dealing with this exact problem. Can you please look into my account? I would greatly appreciate it. Before my Network is stolen again. This person got back into my Microsoft account, and I believe I just found their thread. PLEASE HELP! I HOPE I AM WRONG!!! Phenixbound21@outlook.com Jess7983@hotmail.com
Tompkinsj927@gmail.com
Please contact me! @OlafHelper-2800 @TomPhillips-1744



I'm not sure what your expectations are, but this is a peer-to-peer forum. There is no one here who has access to "look into your account". Yes, there are some people with -msft in their aliases here, but the same thing applies there as well.

Since I don't know the exact details, I can't give you a suggestion where to turn to. This is a forum for SQL Server, but it is not apparent that SQL Server is involved here.

pituach avatar image pituach JessTompkins-7408 ·


(1) This is not a support forum for issues with your account, nor a place for private support, but a public forum for technical discussions. We can help with specific technical issues, not with specific account issues.

(2) This is a community forum and the Moderators are not necessarily from Microsoft but from the community.

(3) We cannot check your account, nor can anyone else do so except the accounts teams.

Please use the following link and open a ticket:

https://support.microsoft.com/contactus

I hope this will help you.

ErlandSommarskog answered

I have written about SQL injection here: https://www.sommarskog.se/dynamic_sql.html#sqlinjection.


CarrinWu-MSFT answered

Hi @mohsenMJ-8783,

Thanks for your posting.

You could prevent SQL Injection vulnerabilities in web applications by utilizing parameterized database queries with bound, typed parameters and careful use of parameterized stored procedures in the database. For more information, please refer to How to Protect Against SQL Injection Attacks and How to prevent SQL injection attacks.


Best regards,
Carrin


If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
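
Added example, not part of any answer in this thread: the answers recommend parameterized queries with bound, typed parameters and "careful use" of stored procedures, and this T-SQL shows why the care matters, with a procedure that concatenates its input beside one that binds it through `sp_executesql`. The table `dbo.DemoUsers`, both procedure names and all sample values are hypothetical and constructed for the illustration.

```sql
-- Constructed demo table and rows (hypothetical names, not from the thread).
CREATE TABLE dbo.DemoUsers (
    UserId   int IDENTITY(1,1) PRIMARY KEY,
    UserName nvarchar(50)  NOT NULL,
    Email    nvarchar(100) NOT NULL
);
INSERT INTO dbo.DemoUsers (UserName, Email)
VALUES (N'alice', N'alice@example.com'),
       (N'bob',   N'bob@example.com');
GO

-- Weak: being a stored procedure does not help if the input is concatenated
-- into the statement text, because the value is then parsed as SQL.
CREATE PROCEDURE dbo.FindUser_Concat @UserName nvarchar(50)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT UserId, UserName, Email FROM dbo.DemoUsers WHERE UserName = N'''
        + @UserName + N'''';
    EXEC (@sql);
END;
GO

-- Hardened: the statement text is a constant; the value travels separately as
-- a bound, typed parameter and is only ever compared as data.
-- (When no dynamic SQL is needed at all, a plain static SELECT that uses
-- @UserName directly gives the same protection.)
CREATE PROCEDURE dbo.FindUser_Param @UserName nvarchar(50)
AS
BEGIN
    SET NOCOUNT ON;
    EXEC sys.sp_executesql
        N'SELECT UserId, UserName, Email FROM dbo.DemoUsers WHERE UserName = @name',
        N'@name nvarchar(50)',
        @name = @UserName;
END;
GO

-- Constructed test value: it closes the string literal and appends a condition.
-- Run both calls and compare the result sets to see the difference in handling.
DECLARE @input nvarchar(50) = N'x'' OR 1=1 --';
EXEC dbo.FindUser_Concat @UserName = @input;  -- value becomes part of the WHERE clause
EXEC dbo.FindUser_Param  @UserName = @input;  -- value is matched literally against UserName
```

From the web application, pass the value to the procedure as a typed parameter as well (for example an ADO.NET `SqlParameter`) rather than building the `EXEC` string in application code.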
