[thelist] Website Hacked?

Bill Moseley moseley at hank.org
Sat May 24 18:06:37 CDT 2008

On Sat, May 24, 2008 at 04:49:48PM -0500, Todd Richards wrote:
> Thanks Anthony.  I am checking so that when someone requests a store - ie.
> Store.asp?id=300 - if it's not a numeric value then they will get redirected
> to the home page.  However, I'm raw on how they could actually get data
> entered into my database.  I know it can happen - I hear about it all the
> time.  However, I'm just not sure where to start to fix it.  The "admin"
> directory is using Windows authentication rather than a database login,
> since I'm the only one who has permissions to update things.  Would that
> make a difference?  
> Sorry for the rookie questions!

I cannot give you an answer as I know nothing of ASP, but doesn't
whatever ASP uses to talk to the database provide a way to bind
parameters to the database so that SQL injection is not an issue?

First Google hit for: bind parameters "sql injection" ASP


Bill Moseley
moseley at hank.org

Sent from my iMutt

More information about the thelist mailing list