tags:

views:

6

answers:

0
Q: 

nettiers Utility.DetectSqlInjection flagging wrong words

We are using .nettiers as our DAL and also using the Utility.DetectSqlInjection for extra security.

We hit an odd error today, Someone tried to enter "Executive" into a title textbox, and the Utility.DetectSqlInjection is saying this is an injection attack.

It looks as thought it is seeing the "EXEC" command used to execute sql commands.

Has anyone seen this, or had this occur? Any solution or has .nettiers taken care of this in newer versions?

related questions

Is LINQ to SQL InsertOnSubmit() subject to SQL Injection Attack?
How Can I test my web site for SQL injection attacks?
Storing parts of user data in files for preventing SQL injection
HTTP input filter like mod_security for WebSphere?
Does LINQ's ExecuteCommand provide protection from SQL injection attacks?
Dynamic SQL - Search Query - Variable Number of Keywords
Classic ASP SQL Injection Protection
Comprehensive server-side validation
Can I protect against SQL Injection by escaping single-quote and surrounding user input with single-quotes?
Are PDO prepared statements sufficient to prevent SQL injection?
What's the best method for sanitizing user input with PHP?
Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
What percentage of my time will be spent in user input verfication during web development?
Parameterized SQL Columns?
Handling the data in an IN clause, with SQL parameters?
What should you do when coming across a publicly accessible security vulnerability?
binding variables to parameters in ADOdb for PHP
Penetration testing tools
Is there some way to inject SQL even if the ' character is deleted?
How do I programatically sanitise coldfusion cfquery parameters.
Best way to stop SQL Injection in PHP
Inform potential clients about security vulnerabilities?
When is it Best to Sanitize User Input?
What is the best way to avoid SQL injection attacks?
Catching SQL Injection and other Malicious Web Requests