> I just managed to "hack" into one of my older authentication scripts > (in ASP) by typing: > x' or 1=1 -- > in the user field. > > Anyone come across this before? What do you think about it? hi nedret yes, this is called sql injection, and if you do not guard against it, your database is vulnerable to attack see http://www.google.com/search?q=sql+injection and especially the first result, http://www.nextgenss.com/papers/advanced_sql_injection.pdf rudy http://rudy.ca/