Actually, I DID read the articles before I replied.

If you read it again, the basic problem is not about any "extended SQLServer 
functionality"--it's about how ASP works AND how the database server was 
configured AND how Window$ works.

Sorry, but the attacks mentioned CANNOT be done on any of the database 
servers that I've used. And with PHP, Apache, Linux combination, they just 
don't apply.

Hey, don't get me wrong. I really appreciate any security info but 
personally I don't think they apply here...

- E

HINT: PHP doesn't use another "'" (single quote) character to escape another 
single quote character--it's just basically stupid to do so.

HINT 2: Configure your database server to have, for example, (1) a database 
username/password that can only SELECT -- enough for dynamically generated 
pages (2) a username/password that can only do INSERT or UPDATE, etc. Why 
would I make a username/password for my web pages that can delete important 
table or the entire database itself?

>If you'll thoroughly read the articles, most of those attacks that don't
>involve the use of extended SQLServer functionality, CAN be done on
>other RDBMS's. And if nothing else, you'll see the ingenuity of the
>Hey, take what you liked, and leave the rest lay.
>If You want to buy computer parts, see the reviews at:

Charle con sus amigos online usando MSN Messenger:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to