Friday, November 23, 2007

SQL Server - Authentication Override

Here is a somewhat in depth discussion of sticking code into SQL Server 2000 to bypass pretty much any security or logging. So in other words - just because it isn't in your logs, doesn't mean you aren't hacked.

http://www.ngssoftware.com/papers/violating_database_security.pdf