Actually, I DID read the articles before I replied.

If you read it again, the basic problem is not about any "extended SQLServer 
functionality"--it's about how ASP works AND how the database server was 
configured AND how Window$ works.

Sorry, but the attacks mentioned CANNOT be done on any of the database 
servers that I've used. And with the PHP, Apache, Linux combination, they 
just don't apply.

Hey, don't get me wrong. I really appreciate any security info but 
personally I don't think they apply here...

- E

HINT: PHP doesn't use another "'" (single quote) character to escape another 
single quote character--it's just basically stupid to do so.

HINT 2: Configure your database server to have, for example, (1) a database 
username/password that can only SELECT -- enough for dynamically generated 
pages, (2) a username/password that can only do INSERT or UPDATE, etc. Why 
would I make a username/password for my web pages that can delete an 
important table or the entire database itself?

>
>If you'll thoroughly read the articles, most of those attacks that don't
>involve the use of extended SQLServer functionality, CAN be done on
>other RDBMS's. And if nothing else, you'll see the ingenuity of the
>attackers.
>
>Hey, take what you liked, and leave the rest lay.
>--
>
>If You want to buy computer parts, see the reviews at:
>http://www.cnet.com/
>**OR EVEN BETTER COMPILATIONS**!!
>http://sysopt.earthweb.com/userreviews/products/






-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
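
The privilege split from HINT 2, as an added example that is not part of the original message: SQLite has no user accounts, so this Python sketch uses a per-connection authorizer as a stand-in for the database server's grants. The role names `web_read` and `web_write`, the `posts` table and the helper functions are hypothetical.

```python
import os
import sqlite3
import tempfile

# Actions each constructed role may perform; everything else is denied.
ROLES = {
    "web_read": {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ},
    "web_write": {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ,
                  sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE},
}

def connect_as(role, path):
    """Open a connection limited to the role's allowed actions."""
    allowed = ROLES[role]
    conn = sqlite3.connect(path, isolation_level=None)  # autocommit mode
    conn.set_authorizer(
        lambda action, *_: sqlite3.SQLITE_OK if action in allowed
        else sqlite3.SQLITE_DENY)
    return conn

def attempt(conn, sql, params=()):
    """Run one statement and report whether the role was allowed to."""
    try:
        conn.execute(sql, params)
        return "ok"
    except sqlite3.DatabaseError:  # raised as "not authorized"
        return "denied"

def demo():
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        admin = sqlite3.connect(path)  # unrestricted setup account
        admin.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
        admin.execute("INSERT INTO posts (body) VALUES ('hello')")
        admin.commit()
        admin.close()
        results = {}
        for role in ROLES:
            conn = connect_as(role, path)
            results[role] = {
                "select": attempt(conn, "SELECT body FROM posts"),
                "insert": attempt(conn, "INSERT INTO posts (body) VALUES (?)", ("new",)),
                "delete": attempt(conn, "DELETE FROM posts"),
                "drop": attempt(conn, "DROP TABLE posts"),
            }
            conn.close()
        return results
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

On a server database the same split is made with per-account grants rather than an authorizer callback; the point is that the page-rendering account fails on DELETE and DROP regardless of what SQL reaches it.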
