Preventing SQL Query Exposure in Memory – Visual C++ Application

Mohammad Raza 0 Reputation points
2025-03-11T10:25:11.1833333+00:00

We have a thick client application using Visual C++, and during a security audit we found that SQL queries are stored in memory in plaintext. Using memory dump analysis tools, we were able to extract these queries, which raises security concerns.

We would like guidance on the following:

  1. Are there recommended best practices in Visual C++ to prevent sensitive strings (such as SQL queries) from being stored in memory in plaintext?
  2. Does the Visual C++ runtime provide any options to securely handle and clear memory after processing SQL queries?
  3. Are there compiler or linker settings that can help mitigate this issue?

We appreciate any advice, security recommendations, or official documentation that could help us improve the security of our application.


1 answer

  1. Minxin Yu 13,011 Reputation points Microsoft External Staff
    2025-03-12T01:31:04.8433333+00:00

    Hi,

    Validate All Input.

    Using Parameterized Queries.

    Using Stored Procedures.

    Here is the document:
    SQL Injection

    Best regards,

    Minxin Yu


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

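As an added example (not part of the question or the answer above), the C++ below shows the split that parameterized queries give you: the query skeleton with a `?` placeholder carries no user data, so it is harmless in a memory dump, while the bound value is kept in a buffer that is wiped after use. The `secure_zero` routine, the `SensitiveBuffer` class and the query string are assumptions for illustration; on Windows, `SecureZeroMemory()` provides the same non-elidable zeroing.

```cpp
#include <cstddef>
#include <vector>

// Query skeleton with a placeholder (hypothetical). It holds no user data
// or credentials, so its presence in memory reveals only the schema.
const char* const kLookupUser = "SELECT id FROM users WHERE name = ?";

// Writing through a volatile pointer cannot be dropped as a dead store,
// which a plain memset() before free/return often is under optimisation.
// Portable stand-in for SecureZeroMemory() so the example builds anywhere.
void secure_zero(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n-- > 0) *vp++ = 0;
}

// Owns one sensitive value (the text bound to the '?' above). Wiped on
// request and again on destruction; non-copyable so no second, unwiped
// copy of the value appears elsewhere on the heap.
class SensitiveBuffer {
public:
    SensitiveBuffer(const char* s, std::size_t n) : buf_(s, s + n) {}
    ~SensitiveBuffer() { wipe(); }
    SensitiveBuffer(const SensitiveBuffer&) = delete;
    SensitiveBuffer& operator=(const SensitiveBuffer&) = delete;

    const char* data() const { return buf_.data(); }
    std::size_t size() const { return buf_.size(); }

    void wipe() {
        if (!buf_.empty()) secure_zero(buf_.data(), buf_.size());
    }
    bool is_wiped() const {
        for (unsigned char c : buf_) if (c != 0) return false;
        return true;
    }
private:
    std::vector<char> buf_;  // std::string may keep spare capacity unwiped
};

// Bind the value (stand-in for SQLBindParameter or your DB API), execute,
// then wipe before the buffer leaves scope. Note the stack literal here is
// itself a copy; real code reads the value straight into the buffer.
bool bind_and_wipe_roundtrip() {
    const char value[] = "alice";
    SensitiveBuffer param(value, sizeof(value) - 1);
    bool held = param.size() == 5 && !param.is_wiped();
    param.wipe();  // the real bind/execute call would sit just above this
    return held && param.is_wiped() && param.size() == 5;
}
```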
