SqlCommand - preventing stored proc call in other databases

Posted by Moe Sisko on Stack Overflow See other posts from Stack Overflow or by Moe Sisko
Published on 2010-03-30T06:19:39Z Indexed on 2010/03/30 6:23 UTC
Read the original article Hit count: 603

Filed under:

ADO.NET

|

sql-server

When using SqlCommand to call a stored proc via RPC, it looks like it is possible to call a stored proc in a database other than the current database.

e.g. :

string storedProcName = "SomeOtherDatabase.dbo.SomeStoredProc";    
SqlCommand cmd = new SqlCommand(storedProcName);
cmd.CommandType = CommandType.StoredProcedure;

I'd like to make my DAL code more restrictive, by disallowing potential calls to another database. One way might be to check if there are two periods (dots) in storedProcName above, and if so, throw an exception. Any other ideas/approaches ?

Thanks.

© Stack Overflow or respective owner

Related posts about ADO.NET

Asp.net ADO.NET Entity Framework or ADO.NET

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm starting a new project based on ASP.NET and Windows server. The application is planned to be pretty big and serve large amount of clients pulling and updating high freq. changing data. I have previously created projects with Linq-To-Sql or with Ado.Net. My plan for this project is to use VS2010… >>> More
ADO.NET Entity Framework or ADO.NET

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm starting a new project based on ASP.NET and Windows server. The application is planned to be pretty big and serve large amount of clients pulling and updating high freq. changing data. I have previously created projects with Linq-To-Sql or with Ado.Net. My plan for this project is to use VS2010… >>> More
RIA Services vs ADO.NET Data Services

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently in the process of creating a Silverlight 3 data driven application. To access the database, 2 common approaches are used: RIA Services and ADO.NET Data Services. Does anyone have any guidance on when/why to choose each approach? Here is what I've gathered from my research / experience… >>> More
Ado.net dataservices BeginExecuteBatch call works on development fails on production server with Obj

as seen on Stack Overflow - Search for 'Stack Overflow'
We have an ado.net dataservices 1.0 call that is being passed to a [WebGet] service operation as a batch through BeginExecuteBatch. Everything works perfectly on our development server - we have the project configured to use IIS instead of the cassini web server to make it as close to our production… >>> More
ADO.Net : Get table definition from SQL server tables

as seen on Stack Overflow - Search for 'Stack Overflow'
I am using C# to write a method that returns the following information about a table: column names, column types, column sizes, foreign keys. Can someone point me in the right direction on how to accomplish this ? >>> More

Related posts about sql-server

SQL SERVER – Beginning SQL Server: One Step at a Time – SQL Server Magazine

as seen on SQL Authority - Search for 'SQL Authority'
I am glad to announce that along with SQLAuthority.com, I will be blogging on the prominent site of SQL Server Magazine. My very first blog post there is already live; read here: Beginning SQL Server: One Step at a Time. My association with SQL Server Magazine has been quite long, I have written nearly… >>> More
How to install SQL Server 2005 Configuration Manager without installing SQL Server Management Studio

as seen on Server Fault - Search for 'Server Fault'
Hi, I need to configure SQL Server aliases on a public-facing production server. To do that, I need to install SQL Server Configuration Manager. I was not able to find a standalone installer for that, so I am having to install SQL Server 2005 Client Components. This approach is not ideal as we don't… >>> More
[MAJ] SQL Server 2005 Express Edition - La version gratuite de SQL Server 2005

as seen on ASP-PHP.net - Search for 'ASP-PHP.net'
Modification technique pour le site de l'article. >>> More
How to create SQL Server Express DB from SQL Server DB

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a SQL Server 2008 DB. I want to extract SOME tables (and associated schema, constraints, indexes, etc) and create a SQL Server Express DB. It isn't a sync of the target, we stomp on it. We ONLY need to do this in the file system (not across the wire). We are not fond of the synchronization… >>> More
sql server 2000 error, error trying to connect to sql server 2005

as seen on Stack Overflow - Search for 'Stack Overflow'
i am connecting to sql server 2000 on a remote computer with a dotnet application, but when i try to open the connection it gives the following error: When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections What… >>> More