[thelist] ASP - Variables & Security
Ken Schaefer
ken at adOpenStatic.com
Mon Aug 4 21:46:40 CDT 2003
Good programming practise involves not DIMming any variables you don't
need...
:-)
Cheers
Ken
----- Original Message -----
From: "Matt French" <Matt.French at DogStarDesign.co.uk>
To: <burgan at iprimus.com.au>; <thelist at lists.evolt.org>
Sent: Monday, August 04, 2003 6:34 PM
Subject: RE: [thelist] ASP - Variables & Security
: I'm not aware of any security problem myself however it is good
programming
: practice to always assign your variables an initial value when you declare
: them.
:
: <%
:
: Language=VBScript
: Option Explicit
:
: Dim strVarOne
: Dim strVarTwo
:
: strVarOne = ""
: strVarOne = "this variable has something assigned to it"
: %>
:
:
:
: -----Original Message-----
: From: thelist-bounces at lists.evolt.org
: [mailto:thelist-bounces at lists.evolt.org]On Behalf Of
: burgan at iprimus.com.au
: Sent: 04 August 2003 06:50
: To: thelist at lists.evolt.org
: Subject: Re: [thelist] ASP - Variables & Security
:
:
: --------------------------------------------------
: From: Ken Schaefer ken at adOpenStatic.com
: Subject: Re: [thelist] ASP - Variables & Security
:
: Perhaps you could give a few more details about this "security flaw"
: What exactly is "secure" that is able to be exploited via the alleged
: "flaw"?
: -------------------------------------------------
:
: I'm not sure how it can be a security problem myself - I just think I've
: read somewhere that if a variable is declared on a page and then it is not
: assigned a value, then that could be a potential problem. I assume this is
: because a "hacker" has the potential to do something damaging with that
: unassigned variable.
:
: I guess I'm wondering if other have heard about this - or if my mind's
just
: trying to make stuff up again.
:
: Tim
More information about the thelist
mailing list