cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Get the latest Cisco news in this December issue of the Cisco Small Business Monthly Newsletter

482
Views
0
Helpful
0
Replies
Highlighted
Beginner

WRVS4400N Blocks *outgoing* use of SQL keywords

raiserror and xp_sprintf have in the past been liable to overrrun attacks.

But blocking my use of them OUTGOING means I can't manage or maintain any stored procedures that use these keywords, which means I can't manage our databases AT ALL.

This is a huge flunk, especially considering you even block them when they are in comments. The entire connection is lost.

To be clear, the following apps will fail on any attempt to modify or create stored procedures that use these:

SQL Server Management Studio

Visual Studio

This really needs to be fixed.The latest sig file from almost a year ago does not address this, according to release notes.

Basically, I have completely disable IPS to use these valid programs.

Everyone's tags (5)