[thelist] Website Hacked?
Bill Moseley
moseley at hank.org
Sat May 24 18:06:37 CDT 2008
On Sat, May 24, 2008 at 04:49:48PM -0500, Todd Richards wrote:
> Thanks Anthony. I am checking so that when someone requests a store - ie.
> Store.asp?id=300 - if it's not a numeric value then they will get redirected
> to the home page. However, I'm raw on how they could actually get data
> entered into my database. I know it can happen - I hear about it all the
> time. However, I'm just not sure where to start to fix it. The "admin"
> directory is using Windows authentication rather than a database login,
> since I'm the only one who has permissions to update things. Would that
> make a difference?
>
> Sorry for the rookie questions!

I cannot give you an answer as I know nothing of ASP, but doesn't
whatever ASP uses to talk to the database provide a way to bind
parameters to the database so that SQL injection is not an issue?

First Google hit for: bind parameters "sql injection" ASP

http://forums.asp.net/p/777624/2297068.aspx

--
Bill Moseley
moseley at hank.org
Sent from my iMutt
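
Added example, not part of the original message: the difference between pasting a request value into the SQL text and binding it as a parameter, shown for a Store.asp?id=300 style lookup. It uses Python's sqlite3 as a stand-in for the ASP data-access layer; the "stores" table, its rows and the function names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE stores (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO stores VALUES (?, ?)",
        [(300, "Main Street"), (301, "Harbor"), (302, "Airport")],
    )
    return db


def lookup_concatenated(db, raw_id):
    # Before: the request value becomes part of the SQL text, so the
    # database parses whatever the client sent as SQL.
    sql = "SELECT id, name FROM stores WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def lookup_bound(db, raw_id):
    # After: the statement text is fixed and the value travels separately
    # through the ? placeholder, so it is only ever compared as data.
    sql = "SELECT id, name FROM stores WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()


def lookup_validated(db, raw_id):
    # The numeric check from the quoted message, kept as a second layer on
    # top of binding. None means "redirect to the home page".
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None
    return lookup_bound(db, int(raw_id))


if __name__ == "__main__":
    db = make_db()
    for value in ("300", "300 OR 1=1"):  # constructed request values
        print(repr(value))
        print("  concatenated:", lookup_concatenated(db, value))
        print("  bound:       ", lookup_bound(db, value))
        print("  validated:   ", lookup_validated(db, value))
```

With the concatenated query the second value changes the WHERE clause and every row comes back; with the bound query the same value matches no row because it is never parsed as SQL.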