> To help combat SQL Injection attempts, you might want to take a look at the > WebKnight open-source ISAPI filter. > > http://www.aqtronix.com/?PageID=99 > > I haven't used it personally (yet) but it looks useful with many features.
Use it here + it works as designed. A web application firewall is very advisable, rather than attempting to cover 0day attacks solely within code. Obvs. this goes double, triple, etc. if you're a hosting provider allowing code to be uploaded by customers. Another reasonably priced option is PrivacyWare's ThreatSentry, which we also use. TS has a sophisticated learning engine. Note that both of these ISAPI filters do not at this point have stable x64 binaries, which makes end-to-end protection difficult for x64 shops. dotDefender has an x64 ISAPI product at over $10K, but at that price I would go for a pair of clustered inline devices instead (Breach, ProFense, et al.). --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
