Here is another paper: http://www.ii.uib.no/~moen/inf248/slides_0710.pdf On 3/22/06, Dennis Williams <oracledba.williams@xxxxxxxxx> wrote: > > List, > > Here is a recent paper on how hackers can use the SQL injection technique. > > > http://www.ngssoftware.com/papers/sqlinference.pdf > > The SQL Server example appears quite appaling, with a hacker being able to > access the O.S. The Oracle example looks bad (select password from > dba_users) on the surface, but an ordinary user shouldn't have that table > and the password is encrypted anyway. Does anyone know if current versions > of SQL Server are this vulnerable? > > Dennis Williams >