What should you do?

You are an enterprise application developer. You design a data access component that interacts with a Microsoft SQL Server database. The component uses a database connection string. The database connection string is stored in clear text in the ConnectionStrings section of the application configuration file. During testing, you discover that the component might be vulnerable to SQL injection attacks. You need to adopt a strategy to protect the component from SQL injection attacks. What should you do?

A. Replace all dynamic SQL statements with parameterized SQL statements that use strongly typed SQL parameters.

B. Construct all dynamic SQL statements by using a SecureString object.

C. Modify the method so that it throws an exception if the SQL statement does not return any rows.

D. Encrypt the ConnectionStrings section of the configuration file.


