You create Microsoft Windows-based applications. You are creating a sales management application. This application will permit sales personnel to search for customer information in a Microsoft SQL Server 2005 database. All communication with the database server is done by using an SSL channel.
When a user needs to search for customer information based on a name, the following sequence of actions occurs:
1.The user types a name into a text box.
2.The user clicks a button to initiate the search.
3.The component validates that the value the user types is less than 200 characters. 4.The value that is typed is passed as a string to a component. 5.The component concatenates the typed value to a Select statement in the Where clause of the component.
6.The statement is executed to generate a DataTable object. 7.The DataTable object is used to display the results to the user. You need to identify the risk factor in this application design. What should you conclude?
A.
SQL injection can be used to execute malicious SQL statements.
B.
Code injection can be used to elevate privileges of malicious code.
C.
A buffer overflow can be caused by typing a very large string in the text box.
D.
Canonicalization can be used to add invalid characters to the search string.