[thelist] ASP - Variables & Security
Matt French
Matt.French at DogStarDesign.co.uk
Mon Aug 4 03:34:25 CDT 2003
I'm not aware of any security problem myself however it is good programming
practice to always assign your variables an initial value when you declare
them.
<%
Language=VBScript
Option Explicit
Dim strVarOne
Dim strVarTwo
strVarOne = ""
strVarOne = "this variable has something assigned to it"
%>
-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org]On Behalf Of
burgan at iprimus.com.au
Sent: 04 August 2003 06:50
To: thelist at lists.evolt.org
Subject: Re: [thelist] ASP - Variables & Security
--------------------------------------------------
From: Ken Schaefer ken at adOpenStatic.com
Subject: Re: [thelist] ASP - Variables & Security
Perhaps you could give a few more details about this "security flaw"
What exactly is "secure" that is able to be exploited via the alleged
"flaw"?
-------------------------------------------------
I'm not sure how it can be a security problem myself - I just think I've
read somewhere that if a variable is declared on a page and then it is not
assigned a value, then that could be a potential problem. I assume this is
because a "hacker" has the potential to do something damaging with that
unassigned variable.
I guess I'm wondering if other have heard about this - or if my mind's just
trying to make stuff up again.
Tim
--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .
--
* * Please support the community that supports you. * *
http://evolt.org/help_support_evolt/
For unsubscribe and other options, including the Tip Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !
More information about the thelist
mailing list