Wednesday, December 19, 2012

Fortify treats the assignment of SqlCommand.CommandText as a SQL injection sink (this is a SQL injection category, not XSS: the string goes to the database, not to a browser). When a stored procedure call trips that rule, Fortify may prefer that you associate the sproc directly with a database connection through the SqlCommand constructor instead of setting CommandText on its own line.

' sproc name and connection are supplied together in the constructor
Dim cmd As New SqlCommand("sp_Whatever", conn)
cmd.CommandType = CommandType.StoredProcedure

...may be superior to...

' same command built up property by property; the CommandText assignment is the line Fortify reacts to
Dim cmd As New SqlCommand
cmd.Connection = conn
cmd.CommandType = CommandType.StoredProcedure
cmd.CommandText = "sp_Whatever"
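Whichever form satisfies the scanner, the real injection risk is untrusted input being spliced into the command text. The following is an added example, not code from the original post, showing the vulnerable pattern next to the hardened one; the stored procedure dbo.sp_Whatever, its @CustomerName parameter, the connection string and the sample input are all hypothetical.

```vbnet
' Added example (not from the original post). Assumes a stored procedure
' dbo.sp_Whatever taking one parameter @CustomerName; the connection string
' and the parameter name are hypothetical.
Imports System.Data
Imports System.Data.SqlClient

Module SprocExample

    ' VULNERABLE: the untrusted value is concatenated into the command text,
    ' so CommandText really is a SQL injection sink here and Fortify is right
    ' to flag it, whichever way the SqlCommand was constructed.
    Public Function RunSprocUnsafe(conn As SqlConnection, customerName As String) As Integer
        Dim cmd As New SqlCommand
        cmd.Connection = conn
        cmd.CommandType = CommandType.Text
        cmd.CommandText = "EXEC dbo.sp_Whatever '" & customerName & "'"
        Return cmd.ExecuteNonQuery()
    End Function

    ' HARDENED: the sproc name is a constant passed to the constructor, and the
    ' untrusted value travels as a typed parameter, never as part of the text.
    Public Function RunSprocSafe(conn As SqlConnection, customerName As String) As Integer
        Using cmd As New SqlCommand("dbo.sp_Whatever", conn)
            cmd.CommandType = CommandType.StoredProcedure
            cmd.Parameters.Add("@CustomerName", SqlDbType.NVarChar, 100).Value = customerName
            Return cmd.ExecuteNonQuery()
        End Using
    End Function

    Sub Main()
        ' Hypothetical connection string; replace with your own.
        Dim connStr As String = "Server=.;Database=AppDb;Integrated Security=true"
        ' Constructed hostile input: in RunSprocUnsafe it would close the quote and
        ' run a second statement; in RunSprocSafe it is just the literal parameter value.
        Dim hostile As String = "x'; DROP TABLE Customers; --"
        Using conn As New SqlConnection(connStr)
            conn.Open()
            RunSprocSafe(conn, hostile)
        End Using
    End Sub

End Module
```

The two calls in the original post are equivalent at runtime; only RunSprocUnsafe above is actually exploitable, and it stays exploitable no matter which constructor you use, so treat the scanner's preference as a way to quiet a false positive, not as the fix for real injection.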


Note:

  1. XSS is an acronym for Cross-Site Scripting. The CommandText finding described above falls under SQL injection, not XSS: the string is sent to the database, not rendered into a page.
  2. Please forgive the VB Script. :(
