Dailydave mailing list archives
Re: From blackbox to grey-box during Web App tests
From: "C Q" <kyle.c.quest () gmail com>
Date: Sun, 14 Oct 2007 13:06:15 -0400
Also, just because it's a parameterized stored procedure, it doesn't automatically mean that it's immune to SQL injections (especially if you use dynamic SQL inside of those procedures). On top of that, there are also dev-related reasons why some choose not to use stored procedures in general. Here are a few reasons:

1. They slow down the development process, making it harder to do the testing (overall application testing and the stored procedure testing).
2. Because of their procedural nature, they are prone to code duplication (which some developers try to avoid).
3. Integration / configuration management overhead managing separate stored procedures and the main application code.
Why don't more people just use Parameterized Stored Procedures? Is it because there are implementation issues or because people don't know about them? What's your opinion?

I wonder that too. Also, why don't people just not write integer overflows? With the snark bit cleared, I'll point out: lots of projects use stored procedures, but have some patches of functionality (like query builders) that are easiest to write with raw SQL.
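The point made above about dynamic SQL inside a parameterized stored procedure, shown as an added example that is not part of the original message or thread: a procedure that concatenates its parameter into a statement, beside one that keeps the value bound and allow-lists the one part a query builder cannot bind. It assumes SQL Server (T-SQL), which the thread does not name; the table dbo.Customers, its columns and both procedure names are hypothetical.

```sql
-- Constructed example: dbo.Customers(Id, LastName, City) is a hypothetical table.

-- Weak: the caller binds @LastName as a parameter, but the procedure pastes it
-- into a string and executes that string, so its content is parsed as SQL.
CREATE PROCEDURE dbo.FindCustomers_Concat
    @LastName nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT Id, LastName, City FROM dbo.Customers WHERE LastName = '''
        + @LastName + N'''';
    EXEC (@sql);  -- an ordinary value such as O'Brien already alters the statement
END;
GO

-- Hardened: the value stays a bound parameter all the way through
-- sp_executesql. The sort column is an identifier, which cannot be bound,
-- so it is accepted only if it names a real column and is then quoted.
CREATE PROCEDURE dbo.FindCustomers_Bound
    @LastName   nvarchar(100),
    @SortColumn sysname = N'LastName'
AS
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.columns
                   WHERE object_id = OBJECT_ID(N'dbo.Customers')
                     AND name = @SortColumn)
    BEGIN
        RAISERROR(N'Unknown sort column.', 16, 1);
        RETURN;
    END;

    DECLARE @sql nvarchar(max) =
        N'SELECT Id, LastName, City FROM dbo.Customers '
      + N'WHERE LastName = @p_LastName '
      + N'ORDER BY ' + QUOTENAME(@SortColumn) + N';';

    EXEC sys.sp_executesql
         @sql,
         N'@p_LastName nvarchar(100)',   -- parameter definition for the inner statement
         @p_LastName = @LastName;        -- value is passed as data, never as text
END;
GO
```

When reviewing stored procedures, EXEC or sp_executesql calls whose statement string is built with + from a parameter are the places to check first.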