Is there any security benefit when using a stored procedure to toggle a boolean value from a checkbox?

I have a boolean variable stored in a SQL Server database. This is provided to end users as a check box on an ASP.NET web page. Toggling the checkbox naturally updates the value in the database.

I was going to delete the SQL query, which is written in text form in the C# code-behind, and replace it with a stored procedure in order to increase security, protecting against SQL injection attacks. My understanding of injection attacks is limited, but surely it would be impossible to trigger an attack from an unsecured flag entry? Or is it possible?

+3
3 answers

Well, as a rule, you should always use stored procedures or parameterized SQL. Can you do this by clicking the checkbox? In fact, it all depends on how the code is written. At first glance, I would say no, but there are many possibilities that can affect this.

Remember that the page, when it is posted, essentially sends a text value to the server. Someone might send an SQL injection attack instead of a checkbox value. Now ASP.NET does a good job of guarding against this, but that doesn't mean it cannot happen if the code is written to bypass the ASP.NET checks, etc.


+1
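
An added example (not part of the original thread) of the point made in the answer above: the posted checkbox value is treated as untrusted text, reduced to a real `bool`, and sent to SQL Server as a typed parameter rather than concatenated into the statement. The table, column, class and method names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class FlagRepository
{
    // Hypothetical table and column names (dbo.UserSettings, IsEnabled, UserId).
    private const string UpdateSql =
        "UPDATE dbo.UserSettings SET IsEnabled = @isEnabled WHERE UserId = @userId";

    // Unsafe pattern, shown for contrast only: the posted text becomes part of the statement.
    //   "UPDATE dbo.UserSettings SET IsEnabled = " + postedValue + " WHERE UserId = " + userId

    // Accept only the literal values a checkbox is expected to post.
    public static bool TryParseFlag(string postedValue, out bool flag)
    {
        flag = false;
        if (postedValue == null) return false;
        switch (postedValue.Trim().ToLowerInvariant())
        {
            case "true": case "on": case "1": flag = true; return true;
            case "false": case "off": case "0": flag = false; return true;
            default: return false; // anything else is rejected, never forwarded to SQL
        }
    }

    public static int SetFlag(string connectionString, int userId, string postedValue)
    {
        bool flag;
        if (!TryParseFlag(postedValue, out flag))
            throw new ArgumentException("Unexpected checkbox value.", "postedValue");

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(UpdateSql, conn))
        {
            // Typed parameters travel separately from the SQL text, so the value
            // can only ever be interpreted as data of type bit / int.
            cmd.Parameters.Add("@isEnabled", SqlDbType.Bit).Value = flag;
            cmd.Parameters.Add("@userId", SqlDbType.Int).Value = userId;
            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows updated
        }
    }
}
```

The same parameter handling applies when the command targets a stored procedure instead of inline text: set `cmd.CommandType = CommandType.StoredProcedure` and keep the typed parameters.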



Source: https://habr.com/ru/post/1756562/

