As everyone might or might not know, last week the Internet was bombarded by a well-known method of attack called a SQL Injection Attack. As SQL is the heart or core of many applications (SharePoint for example) this opens us up to a need to be able to defend our past work, or answer questions from clients about “Are we safe?”. Security flaws are found in databases and programs nearly weekly, so trying to keep current can be a nearly impossible challenge.
It is important to patch and keep current, but also build SMART.I did not want to take the time to explain what these attacks are….here is a (link) better clarify if you need further explanation. This is a good article written by Mitchell Harper to better clarify examples of scripting.
What I want you to do is instead understand that SharePoint 2010 has no identified or documented vulnerabilities to this form of attack. This the OOB flavor only, once you have started customizing, adding Claims authentication, External Connections, etc….the bets are off.
You must have all updates and patches applied to your server and IIS to ensure safety. Might be a good topic to contact your old clients about and just reassure them of their safety.
Keep Moving Forward,