Invoke-SQLCmd considered harmful

I mentioned here that Invoke-SQLCmd (included in the SQLPS module for SQL Server) was susceptible to SQL injection attacks, but I haven’t demonstrated that or ever seen anyone show it. To do so, I’ll start with code out of the help for Invoke-SQLCmd. Here’s the code (taken from here). Notice that the parameters are encoded in a …

Why Adolib (and POSH_Ado)?

I’ve realized that in my explanations of Adolib and POSH_Ado, I left something important out. Why in the world am I spending all of this time and effort writing database access modules when there are already tools out there (SQLPS, for instance) that work? The simple answer is SQLPS is not good enough for several …
