SQL injection is not related to where the database is stored but rather how you construct the SQL statements. But maybe they mean the user could modify the data to change the report, but a malicious user could just modify the output.
SQL Server Express localdb security

SBertke
We were developing an application within .NET that would: read in data (generally in a text or csv format); run some analyses; and generate results/reports from the data. We were using SQL Server Express localdb to create temporary DBs and to perform the analyses. This would all happen locally on one's computer/laptop. Our security team was worried about the possibility of a SQL injection attack. Is this a valid concern? Sorry if I have not provided enough detail and am happy to clarify as needed.
Accepted answer
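The accepted answer's point, that injection depends on how statements are built and not on where the database lives, shown as an added example that is not part of the original thread. It uses Python's built-in sqlite3 as a stand-in for a localdb temporary database; the table, column names and CSV rows are constructed for illustration.

```python
import csv
import io
import sqlite3

# Constructed sample input: the second data row carries SQL in a text field.
SAMPLE_CSV = (
    "site,reading\n"
    "plant_a,4.2\n"
    "\"x', 0); DELETE FROM readings; --\",9.9\n"
    "plant_b,5.1\n"
)


def new_db():
    """Temporary in-memory database, standing in for a localdb scratch DB."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE readings (site TEXT, reading REAL)")
    return db


def load_concatenated(db, text):
    """Vulnerable: field values are pasted into the statement text."""
    for row in csv.DictReader(io.StringIO(text)):
        sql = "INSERT INTO readings VALUES ('%s', %s);" % (row["site"], row["reading"])
        db.executescript(sql)  # runs every statement the string contains


def load_parameterized(db, text):
    """Hardened: values travel as bound parameters, never as SQL text."""
    for row in csv.DictReader(io.StringIO(text)):
        db.execute(
            "INSERT INTO readings (site, reading) VALUES (?, ?)",
            (row["site"], float(row["reading"])),  # float() rejects non-numeric input
        )
    db.commit()


def row_count(db):
    """Number of rows that survived the import."""
    return db.execute("SELECT COUNT(*) FROM readings").fetchone()[0]


if __name__ == "__main__":
    for loader in (load_concatenated, load_parameterized):
        db = new_db()
        loader(db, SAMPLE_CSV)
        print(loader.__name__, "->", row_count(db), "rows")
```

In the .NET application the same separation comes from `SqlCommand` with `@name` parameters instead of string concatenation, which keeps imported file contents from being parsed as SQL.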