Oops! Sorry! I meant to say "apostrophe" and not "single quotes"...
And sorry 'bout this additional post...
>Actually, I DID read the articles before I replied.
>If you read it again, the basic problem is not about any "extended
>SQLServer functionality"--it's about how ASP works AND how the database
>server was configured AND how Window$ works.
>Sorry, but the attacks mentioned CANNOT be done on any of the database
>servers that I've used. And with PHP, Apache, Linux combination, they just
>Hey, don't get me wrong. I really appreciate any security info but
>personally I don't think they apply here...
>HINT: PHP doesn't use another "'" (single quote) character to escape
>another single quote character--it's just basically stupid to do so.
>HINT 2: Configure your database server to have, for example, (1) a database
>username/password that can only SELECT -- enough for dynamically generated
>pages (2) a username/password that can only do INSERT or UPDATE, etc. Why
>would I make a username/password for my web pages that can delete an important
>table or the entire database itself?
>>If you'll thoroughly read the articles, most of those attacks that don't
>>involve the use of extended SQLServer functionality, CAN be done on
>>other RDBMS's. And if nothing else, you'll see the ingenuity of the
>>Hey, take what you liked, and leave the rest lay.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
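
The split of privileges suggested in "HINT 2" above, as an added example that is not part of the original thread. It assumes Python's built-in `sqlite3` module, where an authorizer callback stands in for the database server's per-account grants (on a real server this would be done with `GRANT` statements); the account names `web_read` and `web_write` and the `products` table are hypothetical.

```python
import os
import sqlite3
import tempfile

# Action codes each hypothetical web account may use. SQLite has no user
# accounts, so an authorizer callback stands in for the server's grant table.
POLICIES = {
    "web_read": {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ},
    # READ lets UPDATE ... WHERE test the key column; SELECT statements
    # themselves stay denied for this account.
    "web_write": {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_READ},
}

def connect_as(account, path):
    """Open the database with only the privileges granted to `account`."""
    allowed = POLICIES[account]
    conn = sqlite3.connect(path, isolation_level=None)  # autocommit
    conn.set_authorizer(
        lambda action, *_: sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY
    )
    return conn

def attempt(conn, sql, params=()):
    """Run one statement and report whether the account was allowed to."""
    try:
        conn.execute(sql, params).fetchall()
        return "ok"
    except sqlite3.DatabaseError:  # raised as "not authorized" on denial
        return "denied"

def demo():
    path = os.path.join(tempfile.mkdtemp(), "shop.db")  # constructed sample database
    admin = sqlite3.connect(path, isolation_level=None)  # unrestricted setup account
    admin.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    admin.execute("INSERT INTO products VALUES (1, 'keyboard', 20.0)")
    reader, writer = connect_as("web_read", path), connect_as("web_write", path)
    results = {
        "read_select": attempt(reader, "SELECT name FROM products WHERE id = ?", (1,)),
        "read_delete": attempt(reader, "DELETE FROM products"),
        "read_drop": attempt(reader, "DROP TABLE products"),
        "write_insert": attempt(writer, "INSERT INTO products VALUES (?, ?, ?)", (2, "mouse", 9.5)),
        "write_update": attempt(writer, "UPDATE products SET price = ? WHERE id = ?", (8.0, 2)),
        "write_select": attempt(writer, "SELECT name FROM products"),
        "write_drop": attempt(writer, "DROP TABLE products"),
    }
    results["rows_left"] = len(admin.execute("SELECT id FROM products").fetchall())
    return results
```

Calling `demo()` returns a dictionary showing which statements each account could run; the destructive statements are refused before they execute, so the table and its rows survive.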