<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://blogs.technet.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd"><channel><title>Exploits - SQL Injection Attacks</title><link>http://blogs.technet.com/b/keithcombs/archive/2010/10/19/exploits-sql-injection-attacks.aspx</link><description>SQL injection is a technique used by attackers to damage or steal data residing in databases that use SQL syntax to control information storage and retrieval. SQL injection usually involves using a mechanism such as a text field in a web form to directly</description><dc:language>en-US</dc:language><generator>Telligent Evolution Platform Developer Build (Build: 5.6.50428.7875)</generator><item><title>re: Exploits - SQL Injection Attacks</title><link>http://blogs.technet.com/b/keithcombs/archive/2010/10/19/exploits-sql-injection-attacks.aspx#3363060</link><pubDate>Wed, 20 Oct 2010 11:50:51 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:3363060</guid><dc:creator>Kai Axford</dc:creator><description>&lt;p&gt;Nice post! The largest data breach in history (Heartland Payment Systems) was the result of a SQL Injection attack. I spent some time speaking with their CSO last night and he explained the amount of effort and money it took for them to recover. SQL Injection (and there are many flavors) is the result of improper form validation, essentially allowing a form field (i.e. name, password, etc.) to be used as a way to input long character strings that include SQL commands, such as DROP TABLE. Any ANSI-99 compliant relational database is subject to this, including MySQL, Oracle, and MS SQL Server. This is a Dev issue, but the IT Pro still has to do the cleanup.&lt;/p&gt;
</description></item></channel></rss>