Call now: (800) 766-1884  



 Home


 SQL Server Tips
 SQL Server Training

 SQL Server Consulting
 SQL Server Support
 SQL Server Remote DBA



 Articles
 Services
 SQL Server Scripts
 Scripts Menu



 

 

 

   
  SQL Server Tips by Gama and Naughter


 

Avoiding buffer overflows

 

There are no definitive solutions to this problem but it is very important to consider security issues when coding. You should also test and review the code with security concerns in mind.

 

Here are some ideas:

 

     * Define limits (bounds) for the size of buffers and never let the size come directly or indirectly from the input.

     * Verify that the limits are not violated before accessing the buffer.

     * Use string and memory functions that require an explicit size limit (for example strncpy instead of strcpy).

     * Use functions that limit the input data size (for example fgets instead of scanf).

     * Use strlen carefully because the terminating NULL might be missing.

     * Be careful with functions that do not NULL terminate the destination string.

     * Use tools to scan for vulnerabilities. E.g.

           RATS-source code review tool that understands C, C++, Python, Perl, and PHP.

           Splint-tool for statically checking C programs for security vulnerabilities.

           ITS4-Static Vulnerability Scanner for C and C++ Code.


The above book excerpt is from:

Super SQL Server Systems
Turbocharge Database Performance with C++ External Procedures

ISBN: 0-9761573-2-2
Joseph Gama, P. J. Naughter

 http://www.rampant-books.com/book_2005_2_sql_server_external_procedures.htm
 

 

Burleson Consulting Remote DB Administration


 

 


 

 

 

 

 
Burleson is the America's Team

Note: The pages on this site were created as a support and training reference for use by our staff of DBA consultants.  If you find it confusing, please exit this page.

Errata?  SQL Server technology is changing and we strive to update our SQL Server support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:and include the URL for the page.
 


Burleson Consulting
SQL Server database support

 

Copyright 1996 -  2013 by Vaaltech Web Services. All rights reserved.

Hit Counter