, May 23, 2001 1:41 PM
Subject: Re: Compromising Security
Is this the most efficient way to check for SQL in form input?
Sebastian
--
<cfset FORM.FirstName = 'Sebastian'>
<cfset FORM.LastName = 'Palmigiani'>
<cfset FORM.Address = ';drop table members;'>
<cfset FormList = ''>
cfset
hey, I was wondering what are the least amount of information someone needs
to compromise my database or code? I am.err...hacking? my
site/database through the URL. So far, I've got 2 tablenames, the
datasource, and some field names. I don't want to have to do a lot of coding
to prevent
by a knowledgeable individual or
group
- Original Message -
From: Pooh Bear [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Tuesday, May 22, 2001 12:28 PM
Subject: Compromising Security
hey, I was wondering what are the least amount of information someone
needs
to compromise my database
if someone can run a query from a url, all they have to do is get to the
sysobjects table (a known table in ss7) then, if done properly, your code
will display every table name in the database. they could then insert
orders (yes even as strings though that is a bit harder), or query the
credit
-
From: Pooh Bear [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 22, 2001 10:28 AM
To: CF-Talk
Subject: Compromising Security
hey, I was wondering what are the least amount of information someone needs
to compromise my database or code? I am.err...hacking? my
site/database through the URL. So
what i meant was, if someone knew my datasource, and a couple of table names
and fields, will they be able to cause any damage?
From: Dave f [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Subject: Re: Compromising Security
Date: Tue, 22 May 2001 14:00:42 -0400
best thing to do is require only authorized hosts to connect to your DB.
Pooh Bear [EMAIL PROTECTED] wrote:
hey, I was wondering what are the least amount of information someone needs
to compromise my database or code? I am.err...hacking? my
site/database through the URL. So far, I've
-Original Message-
From: Pooh Bear [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 22, 2001 9:28 AM
To: CF-Talk
Subject: Compromising Security
hey, I was wondering what are the least amount of information someone needs
to compromise my database or code? I am.err...hacking? my
To: CF-Talk
Subject: Compromising Security
hey, I was wondering what are the least amount of information someone needs
to compromise my database or code? I am.err...hacking? my
site/database through the URL. So far, I've got 2 tablenames, the
datasource, and some field names. I don't want
but my DB isn't located in some folder, it's a SQL server DB, not an access
file.
From: Peter Tilbrook [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Subject: RE: Compromising Security
Date: Wed, 23 May 2001 11:56:50 +1000
The first thing you should do is store
). It doesn't
take much extra coding, and it quickly becomes second nature. Your
applications will be more stable, secure, and happier for it.
-Original Message-
From: Peter Tilbrook [mailto:[EMAIL PROTECTED]]
Sent: May 22, 2001 18:57
To: CF-Talk
Subject: RE: Compromising Security
Application Developer
[EMAIL PROTECTED]
-Original Message-
From: Pooh Bear [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 22, 2001 9:28 AM
To: CF-Talk
Subject: Compromising Security
hey, I was wondering what are the least amount of information someone needs
to compromise my database
-Talk [EMAIL PROTECTED]
Sent: Wednesday, May 23, 2001 12:16 PM
Subject: RE: Compromising Security
but my DB isn't located in some folder, it's a SQL server DB, not an access
file.
From: Peter Tilbrook [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Subject: RE