{"id":151,"date":"2006-11-08T15:07:36","date_gmt":"2006-11-08T13:07:36","guid":{"rendered":"http:\/\/soci.hu\/blog\/index.php\/2006\/11\/08\/sql-truncation-attacks\/"},"modified":"2007-01-29T11:09:50","modified_gmt":"2007-01-29T09:09:50","slug":"sql-truncation-attacks","status":"publish","type":"post","link":"https:\/\/soci.hu\/blog\/index.php\/2006\/11\/08\/sql-truncation-attacks\/","title":{"rendered":"SQL Truncation Attacks"},"content":{"rendered":"<p>This <a target=\"_blank\" href=\"http:\/\/msdn.microsoft.com\/msdnmag\/issues\/06\/11\/SQLSecurity\/default.aspx\">topic<\/a> was new to me. Of course, just like injection, it only affects those who glue SQL commands together out of strings.<\/p>\n<p>The idea is that with a sufficiently long input the assembled SQL command may not fit in the target variable (e.g. varchar(50)), so the end of the command is silently cut off. This is nasty because even if you measure, limit, etc. the lengths of the input strings, when you normalize the string, e.g. replace each apostrophe with two apostrophes, a single character suddenly needs two slots. That can be used for some nice hacking.<\/p>\n<p>In SQL Server 2005 use nvarchar(max), and if possible, do not glue strings together at all. I know there are things that can only be solved (efficiently) that way.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This topic was new to me. Of course, just like injection, it only affects those who glue SQL commands together out of strings. 
The idea&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,4,21],"tags":[],"class_list":["post-151","post","type-post","status-publish","format-standard","hentry","category-adatbazisok","category-szakmai-elet","category-sql-server-2005"],"_links":{"self":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts\/151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=151"}],"version-history":[{"count":0,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts\/151\/revisions"}],"wp:attachment":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
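The truncation the post describes, as an added T-SQL example that is not code from the original post or from the MSDN article it links to: a stored procedure that escapes its inputs with QUOTENAME (apostrophe doubled, as in the post) but assembles the statement in a varchar(100) buffer, the 21-character payload whose escaped form pushes the old-password check past the end of the buffer, and a fixed version that uses nvarchar(max) and, going one step beyond the post's advice, sp_executesql parameters so nothing user-controlled is concatenated at all. The table dbo.Users, the procedure names, the buffer size and the clear-text passwords are assumptions made for the demonstration.

```sql
-- Added example (not from the original post or the linked MSDN article).
-- dbo.Users, usp_SetPassword and usp_SetPassword_Fixed are assumed names;
-- passwords are stored in clear text only to keep the demonstration short.
CREATE TABLE dbo.Users (
    username nvarchar(128) NOT NULL PRIMARY KEY,
    password nvarchar(128) NOT NULL
);
INSERT INTO dbo.Users (username, password) VALUES (N'admin', N'S3cret');
GO

-- Vulnerable: every value goes through QUOTENAME, so classic injection fails,
-- but the statement is assembled into a varchar(100) buffer, and T-SQL silently
-- drops whatever does not fit when assigning to a local variable.
CREATE PROCEDURE dbo.usp_SetPassword
    @username nvarchar(128),
    @old      nvarchar(128),
    @new      nvarchar(128)
AS
BEGIN
    DECLARE @cmd varchar(100);
    SET @cmd = 'UPDATE dbo.Users SET password = ' + QUOTENAME(@new, '''')
             + ' WHERE username = ' + QUOTENAME(@username, '''')
             + ' AND password = '   + QUOTENAME(@old, '''');
    EXEC (@cmd);
END
GO

-- Attack: a 21-character "new password" (one letter and 20 apostrophes) passes
-- any sane input length check, but QUOTENAME doubles each apostrophe, so the
-- quoted value is 43 characters. The statement is then exactly 100 characters
-- long up to the closing quote after admin:
--   32 ("UPDATE dbo.Users SET password = ") + 43 + 18 (" WHERE username = ") + 7 ('admin')
-- so the trailing " AND password = 'wrong'" is cut off, the old password is
-- never compared, and admin's password becomes the attacker's payload.
DECLARE @payload nvarchar(128);
SET @payload = N'x' + REPLICATE(N'''', 20);
EXEC dbo.usp_SetPassword @username = N'admin', @old = N'wrong', @new = @payload;
SELECT username, password FROM dbo.Users WHERE username = N'admin';
GO

-- Fixed: an nvarchar(max) buffer cannot lose the tail of the statement, and
-- sp_executesql passes the values as parameters, so nothing user-controlled is
-- escaped or concatenated into the statement text at all.
CREATE PROCEDURE dbo.usp_SetPassword_Fixed
    @username nvarchar(128),
    @old      nvarchar(128),
    @new      nvarchar(128)
AS
BEGIN
    DECLARE @cmd nvarchar(max);
    SET @cmd = N'UPDATE dbo.Users SET password = @new '
             + N'WHERE username = @username AND password = @old';
    EXEC sp_executesql @cmd,
         N'@new nvarchar(128), @username nvarchar(128), @old nvarchar(128)',
         @new = @new, @username = @username, @old = @old;
END
GO

-- Same payload against the fixed procedure: the old password is actually
-- compared, @old does not match, and the row is left untouched.
DECLARE @payload2 nvarchar(128);
SET @payload2 = N'x' + REPLICATE(N'''', 20);
EXEC dbo.usp_SetPassword_Fixed @username = N'admin', @old = N'wrong', @new = @payload2;
SELECT username, password FROM dbo.Users WHERE username = N'admin';
GO
```

The length arithmetic in the comments is the whole attack: the attacker only needs to know the fixed text of the statement and the size of the buffer, then pick an input whose escaped form lands the cut exactly after a syntactically complete prefix. Any input length limit applied before escaping is useless against that, which is the post's point; sizing the buffer as nvarchar(max) removes the cut, and parameterizing with sp_executesql removes the escaping step that made the cut reachable.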