I have a slight, well big, problem in that someone has worked out how to edit parts of my data.
We thought we had the problem solved ages ago as we moved everything over to stored procedures but the tonight the hacker has altered all the data in one field of our table.
So far they have worked out 3 of our table names and one field in each of the tables.
We are pretty sure they haven't worked out our username and password as they attacked before and since then we have moved the DB onto a new server with new IP and username/password.
I guess that leaves just SQL injection attack but we can't see from where yet.
As a quick prevention method we tried setting the user to db_denydatawriter but the user account still seems to be able to write/update data. Unfortunately our knowledge of Schemas etc is pretty limited.
Does any one have any possible pointers?
Many thanks in advance... Ben.