advcomputer
Posts: 68
Posted: 09/03/2008, 8:49 AM
I have seen on webmaster world that SQL Injection Attacks are back in the news.
I also see the latest build of CCS 4.X has some features to prevent these attacks from doing any damage. I was wondering what in particular was done.
Does the fix work with forms via the "post" method?
Any info would be appreciated,
Jeff
================================
Jeff Goldstein
President
Web Applications for Business
www.wafbiz.com
advcomputer
Posts: 68
Posted: 09/08/2008, 11:56 AM
Anyone from Yes software want to take a stab at answering this question???????????
Jeff
================================
Jeff Goldstein
President
Web Applications for Business
www.wafbiz.com
Oper
Posts: 1195
Posted: 09/10/2008, 7:11 AM
I will comment, but very shortly.
CCS prevents SQL injection attacks and has the tools needed to do it.
BUT <--- CAPS
If you use request.querystring then you have the door open.
There are some basic rules to follow if you are making a mistake.
For all your search and post.
Try to put something like this on the text field [ ;select OMGaHACK() ] (inside your search test
check the ;
If this fires an error on your application then the door is open.
Very basic, but works as a test.
Do not ever use request.querystring (unless you know what you are doing).
Note: OMGaHACK() is a wrong function and is intended just to bring the error.
IIS7 helps more in case you make some mistake.
CCS has the door closed; it's up to you to give the key to the public.
_________________
____________________________
http://www.7bz.com (Free CMS,CRM Developed in CCS)
http://www.PremiumWebTemplate.com
Affiliation Web Site Templates
Please do backup first
wkempees
Posts: 1679
Posted: 09/10/2008, 4:47 PM
qood (=short for) good answer clear, thanks.
Should work for other language flavours? Quess yes.
Again tks, and what a good function name acronym.
http://forums.codecharge.com/posts.php?post_id=100210;select%20OMGitWorks()
Walter
_________________
Origin: NL, T:GMT+1 (Forumtime +9)
CCS3/4.01.006 PhP, MySQL .Net/InMotion(Vista/XP, XAMPP)
if you liked this info PAYPAL me: http://donate.consultair.eu
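
Added example, not part of any post above and not CodeCharge Studio code: the error-probe check from the thread run against three ways of handling a numeric request parameter, to show why a raw request value pasted into SQL "opens the door" while a bound, typed parameter keeps it closed. Python's sqlite3 stands in for the application's data layer; the `posts` table and all function names are hypothetical.

```python
import sqlite3

# The thread's probe, appended to a numeric parameter (constructed sample input).
PROBE = "100210;select OMGaHACK()"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (post_id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO posts VALUES (100210, 'SQL Injection Attacks')")
    return db

def lookup_concatenated(db, raw):
    # Door open: the raw request value becomes part of the SQL text,
    # the same mistake as pasting request.querystring into a query.
    return db.execute("SELECT title FROM posts WHERE post_id = " + raw).fetchall()

def lookup_parameterized(db, raw):
    # Door closed: the SQL text is fixed and the value is bound as data.
    return db.execute("SELECT title FROM posts WHERE post_id = ?", (raw,)).fetchall()

def lookup_typed(db, raw):
    # Door closed twice: reject anything that is not an integer, then bind.
    if not (raw.isascii() and raw.isdigit()):
        return []
    return db.execute("SELECT title FROM posts WHERE post_id = ?", (int(raw),)).fetchall()

def door_status(lookup, raw=PROBE):
    # A database error caused by the probe means the input reached the SQL
    # parser as code. No error and no rows means it was handled as data.
    db = make_db()
    try:
        lookup(db, raw)
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return "open: " + type(exc).__name__
    return "closed"

if __name__ == "__main__":
    for fn in (lookup_concatenated, lookup_parameterized, lookup_typed):
        print(fn.__name__, "->", door_status(fn))
```

The same check applies to values arriving by POST: what matters is whether the value is concatenated into the statement or bound to it, not which request method carried it.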