Print

Project: Defending SQL Injection

Description

Download the Grades Central for VS2012 or the Grades Central for VS2010 , an ASP.net website.  Develop defensive measures to defend the database from SQL injection.

Requirements

  • Set #1
    • Use regex to indentify the metachacaters that could cause SQL injection and reject the input.
    • Do not send error messages to the browser.
    • Avoid dynamic SQL with concatenated input.
  • Set #2
    • Use different login ids for SELECT, UPDATE or DELETE statement.
    • Use stored procedures.

Project Submission

  • Send the project to cis491projects@yahoo.com
  • Subject: Project 2 - first name and last name - VS2010 or VS2012

Grading

Set #1: 100%
Set #2: extra 30%