非网络 SQL 注入 [英] Non-web SQL Injection
问题描述
似乎对 SQL 注入攻击有些歇斯底里.最近,这里
There seems to be some hysteria about SQL Injection attacks. Most recently, here
如果我在 Excel 中创建一个连接到 Access 数据库的宏,我真的需要担心 SQL 注入吗?它不在网络上,它在我的办公室中使用(你们还记得台式机吗?).我不担心我的同事会破坏我.如果他们足够聪明来进行 SQL 注入,那么他们是否足够聪明来破解我的加载项密码并更改代码?
If I'm creating a macro in Excel that connects to an Access database, do I really have to be concerned about SQL injection? It's not on the web, it's used in my office (you guys remember desktops right?). I'm not concerned that my co-workers are going to sabotage me. If they're smart enough to do a SQL injection, aren't they smart enough to crack my add-in password and just change the code?
推荐答案
如果您在宏中构建 SQL,它很容易受到 SQL 注入的影响.即使您信任将使用该东西的人,您也至少应该注意基础知识,例如试图将单引号和分号字符放入数据库字段的人.在您的情况下,这与其说是安全问题,不如说是数据验证.
If you're building SQL in your macro, it's vulnerable to SQL injection. Even if you trust the people who will be using the thing, you should at least watch for the basics, like people trying to put single-quote and semicolon characters into database fields. this isn't so much a security issue in your case as just data validation.
这篇关于非网络 SQL 注入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
