|
Comments
|
|
Explained beautifully
|
|
|
Good job
|
|
|
good job
|
|
|
Very basic
|
|
|
Great video- I'll recommend it to my junior team members.
|
|
|
I'd like to see an advanced video about methods of code obfuscation
|
|
|
Really wanted to see more ways in which injection can take place and how to prevent them. This was way too basic.
|
|
|
Short and Clear. Nice Job. Would like to see advanced videos too.
|
|
|
A little basic but probably good for beginners
|
|
|
Great video! I was able to understand it and I am not a programmer... :)
|
|
|
Fantastic video, something I don't know a lot about so this video was very useful to me.
|
|
|
Thank you so much for making this easier to understand.
|
|
Paul Swanberg on
5/11/2009
Short and to the point
|
|
Steve Harris on
5/11/2009
might want to add additional videos of more complex ways sql injection can occur
|
|
Carla Wilson on
5/11/2009
Would have been nice to see an example of validating a string input, as this is more complicated than validating for an integer value.
|
|
|
You should have given an example of how to validate varChar data. It's easy to check for an integer, but what's the best way to validate TEXT. Showing a check for certain characters (e.g. ";") or whatever way you'd recommend, would have been worth the extra minute or less on the clip.
|
|
Marshall Cole on
5/11/2009
Awesome!!!!!!!!!!!!!!!1
|
|
|
A great basic overview of SQL injection and how to protect against it.
|
|
|
Input validation is not necessary if you use command object with parameters. PLEASE DO NOT USE DYNAMIC SQL!!!
|
|
|
I really like the entire JumpstartTV concept and content -- I can get a bite of good info with my morning coffee. Thanks!
|
|
|
Good basic explanation. Would have been nice to show other injection attacks, since validation on text fields is much more difficult.
|
|
|
Great and simple way to explain SQL injection
|
|
Mark Sopczak on
5/11/2009
Very good.
|
|
|
This was a great video.
|
|
luther smith on
5/11/2009
Very clear, no unnecessary words
|
|
|
Basic with great example; good explanation.
|
|
|
nice and trivial way to illustrate the problem
|
|
Ahmad Elayyan on
5/12/2009
x
|
|
|
Great video. All developers should be aware of this.
|
|
|
Great demo.
|
|
|
Very insightful and valuable.
|
|
|
great simple example of the issue
|
|
|
The question at the end had almost nothing to do with the content material, other than both talked about SQL Injection. The video discussed security and validation; the question referred specifically to EXEC() and sp_executeSQL, neither of which were mentioned in the video.
|
|
|
short but very interesting
|
|
David Lundell on
5/27/2009
good intro to sql injection but glosses over the vulnerabilities in stored procs. also the question afterwards didn't come from the video
|
|
|
Best explanation of SQL Injection yet. Other examples I've seen are much too wordy and clumsy. This demo was great.
|
|
|
Great information.
|
|
|
dh
|
|
|
Short and sweet with applicable information. Thank you!
|
|
|
cool
|
|
|
Nice one!
|
|
|
Great quick tutorial on SQL injections... I've looked into this a fair bit as the DBA of my corporation. We have VERY old asp applications that we found to have these types of vulnerabilities (which we have fixed)... All DBA's and developers should be very concerned about this type of attack... thanks again!!!
|
|
Jamshid Nouri on
11/25/2010
excellent demo
|
|
|
Way too basic. Just converting input to an integer does not address most input text boxes that allow text input. You have to go deeper and filter against particular characters like ';' that cause SQL Injection in the first place.
|
|
|
the narrator can be a bit slow
|
|
Larry Beals on
11/25/2010
Checking an integer is simple enough but how would you do a text input? The start of the video discussed text as the most vulnerable but did not address it.
|
|
|
The prime mechanism is parameterised sprocs, not vbscript integer validation! The error message that was received, informed the "injector" of the type of protocol, database and script language used. That's a good yield for a hacker!
|
|
|
nice
|
|
|
great explanation of the problem and solution.
|
|
|
Very good
|
|
|
ok
|
|
|
wow! Very crafty!
|
|
Charlie Bruno on
11/26/2010
Nice presentation... the presenter spoke a bit rapidly though, but informative!
|
|
|
Could have a real web application and see a few different SQL injection use cases
|
|
|
Great. Thanks.
|
|
Robert Wine on
11/29/2010
Great information, keep up the GREAT job.
|
|
Tahir A. Syed on
11/29/2010
Marvelous!
|
|
|
very good explanation. Easy to follow. I would like to hear more about this topic maybe how it works with stored procedures.
|
|
|
Very helpful
|
|
John Kingery on
11/29/2010
Explains the issue very well.
|
|
|
good topic and good explanation,
|
|
Neal Ganslaw on
11/30/2010
very good introduction to SQL Injection and security on SQL Server. It would be great to see an example of SQL Injection vulnerabilities using the new EF framework because, let's face it, nothing is 100% bulletproof.
|
|
|
Thank you!
|
|
|
That is pretty neat. I never realized that people actually do this kind of thing.
|
|
Don Weigend on
11/30/2010
Very nice example, thank you!
|
|
|
Nice and simple with examples. I like it!
|
|
Mark Sopczak on
12/1/2010
Great explanation. Thanks.
|
|
|
Could have more suggestions for input validation such as forbidding key words or semicolon in strings.
|
|
|
It would have been nice to have a few more examples of possible attacks and some other ways to protect from SQL Injection. This was just the basic stuff that probably every script kiddie already knows. For a complete beginner/intro video, this was pretty good.
|
|
|
nice work!!
|
|
|
Fantastic explanation, thank you. I've read about SQL injection attacks before, and explanations of how they work, but yours was the best.
|
|
|
sums it up nicely in 5 mins
|
|
|
Very short and concise. I loved it;INSERT INTO PublicAccess VALUES(999);
|
|
|
Thanks for explaining how simple it is to stop SQL injection attacks. It's nice to see the cause, effect and solution all in the same video.
|
|
|
Good info. Thanks.
|
|
David Hunter on
10/3/2011
I would like to see a follow up with other methods of preventing SQL Inj.
|
|
|
Good explanation, examples and presentation.
|
|
Cosmin Tornea on
10/3/2011
cool
|
|
|
Good
|
|
|
Nice example
|
|
|
It's simple and well explained. Recommended for those who are just beginning in this topic.
|
|
|
Very simple and basic. I understood the whole video very well.
Thanks.
--Rohan
|
|
|
quick. to the point and informative. Super.
|
|
Tom Hamilton on
10/4/2011
Thank you - really need to see this scenario explored more from the industrial strength point of view.
|
|
|
He should have shown what to do if you need the data in "text" format - in other words, cfqueryparam. It would have been worth the extra time.
|
|
|
Great instruction Brian!
|
|
|
Please also provide various OTHER ways in which we can over come sql injection.
|
|
|
very helpful to understand how one can inject code, and how we can take care of
|
|
|
Nice One!!!
|
|
James Young on
10/11/2011
When I had an SQL injection on one of my websites that is backed by a SQL Server database, I created a public login that had only look-up rights and then, using the REPLACE function, stripped out all characters that are not 1-9 a-z from the input string. REPLACE functions can be stacked to get rid of just about anything. As with most of these excellent tutorials, this gives you pointers for further reading.
|
|
James Moore on
10/26/2011
Good stuff! Thank you.
|