What fun. Looks like a good friend of mine, James Johnson (also the president of the IE .Net User’s Group), got attacked by a potential SQL injection. Fortunately he’s pretty up on his secure coding so it wasn’t a problem. Props to James!
Anyway, he threw it my way because he thought I’d be interested. Was a pretty nasty one. Take a look at his write-up and you can also see my comments there.
We had 2 of these at work about a month and a half ago. We changed all of our queries with a Request.SafesSql tag (and in the application file, changed how the queries were looked at). I guess I should put that on a little website over in Pomona at some point… 🙂