Thursday, March 22, 2012

Does RS2005 check for SQL Injections on its parameters?

Dear Anyone,

One of the common uses of report parameters in Reporting Services is having free-form text. One of the common ways of bringing data to RS is by using stored procs -- usually taking inputs from report parameters.

Does RS2005 have safeguards for SQL Injections and other hacking problems?

Thanks,

Joseph

RS uses the .NET SqlClient classes for building its queries. These classes guard against SQL injection issues.
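An added T-SQL example (not part of the original thread and not Reporting Services code) for the stored-procedure case raised in the question: a bound parameter protects the call into the procedure, so what the procedure does with the free-form value decides whether it is ever parsed as SQL. The table, column and procedure names are hypothetical, and the report is assumed to pass the value as a bound parameter.

```sql
-- Constructed schema for illustration; all object names are hypothetical.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    LastName   NVARCHAR(100) NOT NULL
);
GO

-- Safe: the report parameter is only ever used as a typed value
-- inside a static statement.
CREATE PROCEDURE dbo.GetCustomers_Static
    @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, LastName
    FROM dbo.Customers
    WHERE LastName = @LastName;
END
GO

-- Unsafe: the value arrives as a bound parameter, but the procedure
-- concatenates it into a new statement, so it is parsed as SQL text.
CREATE PROCEDURE dbo.GetCustomers_Concat
    @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX);
    SET @sql = N'SELECT CustomerId, LastName FROM dbo.Customers '
             + N'WHERE LastName = ''' + @LastName + N'''';
    EXEC (@sql);
END
GO

-- Hardened dynamic SQL: the statement text is constant and the value
-- is handed to sp_executesql as a parameter, never spliced into the text.
CREATE PROCEDURE dbo.GetCustomers_Dynamic
    @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX);
    SET @sql = N'SELECT CustomerId, LastName FROM dbo.Customers '
             + N'WHERE LastName = @p';
    EXEC sys.sp_executesql @sql, N'@p NVARCHAR(100)', @p = @LastName;
END
GO
```

When reviewing procedures behind free-form report parameters, search their bodies for `EXEC (` or string concatenation that involves a parameter.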
