OLE Automation

Previous page
Table of content
Next page

The OLE automation stored procedures provide access to the Component Object Model (COM), which grants Visual Basic functionality to T-SQL scripts. When used by a skilled attacker, they are very powerful and could be used to manipulate Microsoft Office documents, utilize other COM-compatible code, or send e- mails .

xp_dsninfo: Displays an ODBC datasource's settings.

xp_enumdsn: Lists all ODBC datasources on the server.

sp_OACreate: Used to instantiate an OLE object. Methods of the object can then be called, allowing its functionality to be exploited.

sp_OADestroy: Used to destroy an OLE object.

sp_OAGetErrorInfo: Returns error information for the most recent OLE automation stored procedure call.

sp_OAGetProperty: Gets the value of a property in the OLE object.

sp_OAMethod: Calls a method of the OLE object. These are routines that perform a certain function.

sp_OASetProperty: Sets the value of a property in the OLE object.

sp_OAStop: Stops the OLE automation environment, and disables T-SQL access to COM components .

sp_sdidebug: Used to debug T-SQL statements; could reveal confidential information.


Previous page
Table of content
Next page
Database Hacker's Handbook. Defending Database Servers
The Database Hackers Handbook: Defending Database Servers
ISBN: 0764578014
EAN: 2147483647
Year: 2003
Pages: 156
Authors: David Litchfield, Chris Anley, John Heasman, Bill Grindlay
BUY ON AMAZON
ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
Absolute Beginner[ap]s Guide to Project Management
Java for RPG Programmers, 2nd Edition
Java How to Program (6th Edition) (How to Program (Deitel))
Cisco Voice Gateways and Gatekeepers
Professional Struts Applications: Building Web Sites with Struts ObjectRelational Bridge, Lucene, and Velocity (Experts Voice)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy