SQL Server Forums
 SECURITY and EMAIL
chev
Starting Member

3 Posts

Posted - 03/11/2010 : 16:09:18
Hello,

I am taking over the estate of someone who set up a server with SQL on Apache.

I am responsible for restoring order in his work.
I was surprised to find emails of all sizes, completely free:
so someone can write:
toto.titi @ rudy.com

as he can write without constraint:

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@1111111111111111111111111111111111111111111111111111.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

I found lots of false addresses in the database.


My question:
Is there a risk of injecting code, malicious of course, through the email format if it is misconfigured?

I would appreciate an answer from you.

Thank you and goodbye.

tkizer
Almighty SQL Goddess

USA
35940 Posts

Posted - 03/11/2010 : 22:46:40
There isn't a risk associated with the format of the email. The risk would be in the programming of the application. You'll need to ensure that it's using parameterized queries.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

"Let's begin with the premise that everything you've done up until this point is wrong."
Go to Top of Page
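
What the answer above means in practice, as an added example that is not part of the thread or any poster's code: it assumes Python's built-in sqlite3 module as a stand-in for the SQL Server application, and the table, function names and sample addresses are constructed for illustration.

```python
import sqlite3

# Constructed sample values; none come from the thread.
SAMPLE_EMAILS = ["alice@example.com", "o'brien@example.com"]
HOSTILE_INPUT = "x' OR '1'='1"  # quote characters submitted in the email field


def make_db():
    """In-memory SQLite table standing in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)")
    # Parameterized insert: the apostrophe in o'brien@ is stored as plain data.
    conn.executemany("INSERT INTO users (email) VALUES (?)", [(e,) for e in SAMPLE_EMAILS])
    return conn


def lookup_concatenated(conn, email):
    """Pattern to look for in the application: input spliced into the SQL text."""
    sql = "SELECT email FROM users WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, email):
    """The value travels separately from the SQL text and is only ever compared."""
    return [row[0] for row in conn.execute("SELECT email FROM users WHERE email = ?", (email,))]


def audit(conn, email):
    """Run both lookups and report what each one did with the same input."""
    try:
        concatenated = lookup_concatenated(conn, email)
    except sqlite3.Error as exc:
        concatenated = "error: " + type(exc).__name__
    return {"concatenated": concatenated, "parameterized": lookup_parameterized(conn, email)}


if __name__ == "__main__":
    db = make_db()
    for value in SAMPLE_EMAILS + [HOSTILE_INPUT]:
        print(repr(value), audit(db, value))
```

With the concatenated query, a legitimate address containing an apostrophe breaks the statement and the quoted input matches every row; with the parameterized query, both are treated as plain strings.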

chev
Starting Member

3 Posts

Posted - 03/12/2010 : 11:36:25
Hello and thank you for your reply.

Can I ask my other question, please?
Please correct me if I have misread your thought:

Standardization of the email is not the main priority. But do we agree on the principle that an email address can contain code to operate on the database?

Would that be the priority?
I confess I am not very strong in SQL; it is not among my more advanced computer skills. What worries me is finding emails with extensions longer than 20 characters...
Concerning security, it can be better, right?

chev
Starting Member

3 Posts

Posted - 03/12/2010 : 11:44:35
Sorry, the message went out before I could add a salutation:
Thank you again for your response and the time you have spent. Remaining at your service,
I wish you a great weekend.
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC