Oops! Sorry! I meant to say "apostrophe" and not "single quotes"...

And sorry 'bout this additional post...


- E

>Actually, I DID read the articles before I replied.
>If you read it again, the basic problem is not about any "extended 
>SQLServer functionality"--it's about how ASP works AND how the database 
>server was configured AND how Window$ works.
>Sorry, but the attacks mentioned CANNOT be done on any of the database 
>servers that I've used. And with the PHP, Apache, Linux combination, they just 
>don't apply.
>Hey, don't get me wrong. I really appreciate any security info but 
>personally I don't think they apply here...
>- E
>HINT: PHP doesn't use another "'" (single quote) character to escape 
>another single quote character--it's just basically stupid to do so.
>HINT 2: Configure your database server to have, for example, (1) a database 
>username/password that can only SELECT -- enough for dynamically generated 
>pages (2) a username/password that can only do INSERT or UPDATE, etc. Why 
>would I make a username/password for my web pages that can delete an important 
>table or the entire database itself?
>>If you'll thoroughly read the articles, most of those attacks that don't
>>involve the use of extended SQLServer functionality, CAN be done on
>>other RDBMS's. And if nothing else, you'll see the ingenuity of the
>>Hey, take what you liked, and leave the rest lay.
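The account split from HINT 2 in the quoted message, written out as an added example that is not part of the thread. MySQL syntax is an assumption (the thread names no database server), and the `shop` schema, `orders` table, its columns, the account names and the passwords are placeholders.

```sql
-- Added example (assumed MySQL; all names are placeholders). Run as an admin account.

-- (1) Account for dynamically generated pages: read-only on the application schema.
CREATE USER 'web_read'@'localhost' IDENTIFIED BY 'REPLACE_WITH_SECRET_1';
GRANT SELECT ON shop.* TO 'web_read'@'localhost';

-- (2) Account for form handlers: may add rows and change one column, nothing else.
-- MySQL needs SELECT on any column an UPDATE reads in its WHERE clause,
-- so the key column is granted at column level instead of SELECT on the table.
CREATE USER 'web_write'@'localhost' IDENTIFIED BY 'REPLACE_WITH_SECRET_2';
GRANT INSERT ON shop.orders TO 'web_write'@'localhost';
GRANT SELECT (id), UPDATE (status) ON shop.orders TO 'web_write'@'localhost';

-- Neither account receives DELETE, DROP, ALTER, FILE or GRANT OPTION.

-- Review what each account actually holds.
SHOW GRANTS FOR 'web_read'@'localhost';
SHOW GRANTS FOR 'web_write'@'localhost';

-- Audit check: schema-level destructive privileges held by either web account.
-- GRANTEE is stored with its quotes, hence the doubled single quotes.
-- An empty result is the expected outcome.
SELECT grantee, table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE grantee IN ('''web_read''@''localhost''', '''web_write''@''localhost''')
  AND privilege_type IN ('DELETE', 'DROP', 'ALTER', 'CREATE');

-- Same check at table level.
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee IN ('''web_read''@''localhost''', '''web_write''@''localhost''')
  AND privilege_type IN ('DELETE', 'DROP', 'ALTER');
```

The split limits what a query running under either account can modify or destroy; it does not limit which rows the read-only account can return.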
