Code: p1650 Severity: Warning
Description: This event is generated when an attempt is made to access a host running Microsoft SQL Server. Impact: Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Query / Commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command including DROP TABLE to the database! Corrective: Patching your servers, databases, programming languages and operating systems is critical but will in no way the best way to prevent SQL Injection Attacks.
|
