SQL database error in a Windows application: how serious is it in terms of security?
Hi all! I'll try to describe the situation more clearly.
Recently I noticed that during certain manipulations with the self-service checkout in the supermarket, a window with SQL code appears on the screen.
Something in this format -
SELECT message_id AS Error, severity AS Severity,
[Event Logged] = CASE
FROM sys.messages
Throwing internal errors outward is considered bad practice from all points of view.
I don’t see where to insert an injection here; there is no place for user input. Probably, if you find one (one that affects this function earlier), then the attacker understands which injection to pick.
Error handling reveals stack traces or other overly informative error messages to users.
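As an added example (not part of the original answers or the checkout software), the sketch below contrasts a handler that shows the raw database error on screen with one that logs it internally and shows only a reference id. The table, logger name, message text and function names are hypothetical, and sqlite3 stands in for the real database.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("kiosk")  # hypothetical logger name

# Text shown to the customer: no SQL, no schema names, only a lookup key.
GENERIC_MESSAGE = "Something went wrong. Please call an assistant. Reference: {ref}"


def run_query_leaky(conn, sql, params=()):
    """'Before': the raw database error, including the SQL text, reaches the screen."""
    try:
        return True, conn.execute(sql, params).fetchall()
    except sqlite3.Error as exc:
        return False, f"{exc} while executing: {sql}"


def run_query_safe(conn, sql, params=()):
    """'After': details go to the internal log; the user sees only a reference id."""
    try:
        return True, conn.execute(sql, params).fetchall()
    except sqlite3.Error:
        ref = uuid.uuid4().hex[:8]
        # The full statement and stack trace stay in the log, keyed by the reference.
        log.exception("query failed ref=%s sql=%r", ref, sql)
        return False, GENERIC_MESSAGE.format(ref=ref)


def demo():
    """Run the same failing query through both handlers and return what each displays."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (barcode TEXT PRIMARY KEY, price REAL)")
    # Constructed failure: the column name is misspelled, so the query raises an error.
    bad_sql = "SELECT barcode, prise FROM items WHERE barcode = ?"
    leaky = run_query_leaky(conn, bad_sql, ("123",))
    safe = run_query_safe(conn, bad_sql, ("123",))
    return leaky, safe


if __name__ == "__main__":
    for ok, shown in demo():
        print(ok, "|", shown)
```

Support staff can match the reference id on the screen to the log entry, so nothing is lost for debugging while the display reveals no query or schema details.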