Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Preventing Injection attacks
Message
De
25/08/2008 15:37:24
Naomi Nosonovsky
Wisconsin, États-Unis
 
Information générale
Forum:
Microsoft SQL Server
Catégorie:
Autre
Titre:
Re: Preventing Injection attacks
Versions des environnements
SQL Server:
SQL Server 2005
Divers
Thread ID:
01341172
Message ID:
01341606
Vues:
15
>>This is for SELECT statements. But I'm talking about INSERT/UPDATE. Nobody prevents you from typing
>>
>>
<script> malicios script </script>
in the fields.
>
>Just remove [>] and [<] from the typed string :o)

Easy to say than do :) Though you can just test each Request. I played with this suggestion already, but I noticed slowness and also couple of our pages started to re-direct, so I removed some strings from the tested input...
If it's not broken, fix it until it is.


My Blog
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform