 ASP and SQL Injection Attacks

advcomputer

Posts: 68
Posted: 09/03/2008, 8:49 AM

I have seen on webmaster world that SQL Injection Attacks are back in the news.

I also see the latest build of CCS 4.X has some features to prevent these attacks from doing any damage. I was wondering what in particular was done.

Does the fix work with forms via the "post" method?

Any info would be appreciated,

Jeff
================================
Jeff Goldstein
President
Web Applications for Business
www.wafbiz.com
advcomputer

Posts: 68
Posted: 09/08/2008, 11:56 AM

Anyone from Yes software want to take a stab at answering this question???????????

Jeff
================================
Jeff Goldstein
President
Web Applications for Business
www.wafbiz.com
Oper


Posts: 1195
Posted: 09/10/2008, 7:11 AM

I will comment, but very shortly.

CCS prevents SQL injection attacks and has the tools needed to do it.


BUT <--- CAPS

If you use request.querystring then you have the door open.


There are some basic rules to follow if you are making a mistake.

For all your search and Post:
try to put something like this in the text field: [ ;select OMGaHACK() ] (inside your search text,
check the ;)

If this fires an error in your application then the door is open.
Very basic, but it works as a test.

Do not ever use request.querystring (unless you know what you are doing).

Note: OMGaHACK() is a wrong function and is intended just to bring the error.

IIS7 helps more in case you make some mistake.

CCS has the door closed; it's up to you to give the key to the public.
_________________
____________________________
http://www.7bz.com (Free CMS,CRM Developed in CCS)

http://www.PremiumWebTemplate.com
Affiliation Web Site Templates

Please do backup first
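
Added example (not part of the original thread, and not CodeCharge Studio's generated code): one way to keep the door closed in Classic ASP when a value does come from Request.QueryString, using a digits-only check plus a typed ADO parameter. The `posts` table, its columns, the function names and the `Application("ConnString")` setting are assumptions made for illustration.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants, normally pulled in from adovbs.inc
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

' True only for a plain run of 1-9 digits, so a value such as
' "100210;select OMGaHACK()" is rejected before any SQL is built.
Function IsDigitsOnly(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsDigitsOnly = re.Test(s)
End Function

' Returns the title for a post id, or "" if the id is invalid or unknown.
' Assumed schema: posts(post_id INT, title VARCHAR).
Function GetPostTitle(connString, rawId)
    Dim conn, cmd, rs
    GetPostTitle = ""
    If Not IsDigitsOnly(rawId) Then Exit Function

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open connString

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The "?" placeholder keeps the value out of the SQL text entirely.
    ' Door-open form, for contrast:
    '   "SELECT title FROM posts WHERE post_id = " & Request.QueryString("post_id")
    cmd.CommandText = "SELECT title FROM posts WHERE post_id = ?"
    cmd.Parameters.Append cmd.CreateParameter("post_id", adInteger, adParamInput, , CLng(rawId))

    Set rs = cmd.Execute
    If Not rs.EOF Then GetPostTitle = rs("title").Value
    rs.Close
    conn.Close
End Function

' CStr() yields "" when the parameter is missing.
Dim postId
postId = CStr(Request.QueryString("post_id"))
Response.Write Server.HTMLEncode(GetPostTitle(Application("ConnString"), postId))
%>
```

The same pattern applies unchanged to values read from Request.Form, so "post" forms need the same treatment as query strings.
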
wkempees


Posts: 1679
Posted: 09/10/2008, 4:47 PM

qood (=short for) good answer clear, thanks.
Should work for other language flavours? Quess yes.
Again tks, and what a good function name acronym.


http://forums.codecharge.com/posts.php?post_id=100210;select%20OMGitWorks()

Walter
_________________
Origin: NL, T:GMT+1 (Forumtime +9)
CCS3/4.01.006 PhP, MySQL .Net/InMotion(Vista/XP, XAMPP)

if you liked this info PAYPAL me: http://donate.consultair.eu