非Web SQL注入 [英] Non-web SQL Injection

问题描述

似乎有关于SQL注入攻击有些歇斯底里。最近，这里

There seems to be some hysteria about SQL Injection attacks. Most recently, here

<一个href="http://stackoverflow.com/questions/505838/vba-simple-database-query-from-word">http://stackoverflow.com/questions/505838/vba-simple-database-query-from-word

如果我要创建一个连接到Access数据库在Excel宏，难道我真的要担心SQL注入？这不是在网络上，它在我的办公室使用（你们还记得桌面吧？）。我不担心，我的同事会破坏我。如果他们足够聪明，做一个SQL注入，不是他们不够聪明破解我的外接密码，只需更改code？

If I'm creating a macro in Excel that connects to an Access database, do I really have to be concerned about SQL injection? It's not on the web, it's used in my office (you guys remember desktops right?). I'm not concerned that my co-workers are going to sabotage me. If they're smart enough to do a SQL injection, aren't they smart enough to crack my add-in password and just change the code?

推荐答案

如果您正在构建SQL的宏，这是容易受到SQL注入。即使你相信将要使用的东西谁的人，你至少应该留意的基础知识，喜欢的人试图把单引号和分号字符到数据库字段。这与其说是在你的情况下仅仅是数据验证的安全问题。

If you're building SQL in your macro, it's vulnerable to SQL injection. Even if you trust the people who will be using the thing, you should at least watch for the basics, like people trying to put single-quote and semicolon characters into database fields. this isn't so much a security issue in your case as just data validation.

这篇关于非Web SQL注入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！