DB Login Security

Scotty32 (Moderator Group)
Posted: 25 May 2003 at 4:57am

I was randomly looking on 4 Guys From Rolla or something and went to the ASP FAQs site and found this:
http://www.aspfaqs.com/aspfaqs/ShowFAQ.asp?FAQID=197

but I don't understand it....

I don't understand how a hacker can do this.... as my "users" wouldn't ever get "his" link. Could someone please explain it a little better to me?

and I'd also like to know other ways I can secure my login

thanks

(PS: yes I've already put the DB below the htdocs bit)

Mart (Senior Member)
Posted: 25 May 2003 at 5:08am

If you are writing something from the querystring, i.e. <%=request.querystring("error")%>, just replace it with <%=server.htmlencode(request.querystring("error"))%> but I don't see how they can hack like that anyway...

Scotty32 (Moderator Group)
Posted: 25 May 2003 at 5:12am

yeah that's what I was thinking

because on my site I have

<%if request.querystring("error") = "Yes" then response.write("Your Username or Password was wrong, Please try again")%>

so how could they put the HTML into it, and also, like I said, I don't see how you get the "hackers" link anyway.... is it on their site or something

which I doubt my users would see the "hackers" site though

which is why I asked about this

Mart (Senior Member)
Posted: 25 May 2003 at 5:50am

You don't need it for if statements, it's just for writing the querystring without filtering it...

Gullanian (Senior Member)
Posted: 25 May 2003 at 11:37am

yeah you only need to worry about it if you always try to print a querystring value

simple way to overcome it is simply have an error library, so if user comes across error do redirect("error.asp?e=1") and if e=1 then response.write, that way people can't print their own code
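
An added example, not part of the original thread or anyone's posted code: a Classic ASP error page that combines the two fixes discussed above, a fixed message table keyed by a numeric code and Server.HTMLEncode on anything echoed from the request. The file name error.asp and the e parameter follow the redirect quoted in the thread; the message for code 2 and the user parameter are hypothetical.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example: error.asp. The "e" codes, the code-2 message and the
' "user" parameter are assumptions made for illustration.

' Pattern to avoid: Response.Write Request.QueryString("error")
' A link whose "error" value contains markup gets that markup written into the page.

' Fixed server-side message table: text shown for an error comes from here,
' never from the request.
Function ErrorMessage(code)
    Select Case code
        Case 1
            ErrorMessage = "Your Username or Password was wrong, Please try again"
        Case 2
            ErrorMessage = "Your session has expired, please log in again"
        Case Else
            ErrorMessage = "An unknown error occurred"
    End Select
End Function

' Accept only a short run of digits; anything else maps to code 0 (unknown).
Function ParseErrorCode(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,3}$"
    If re.Test(raw) Then
        ParseErrorCode = CInt(raw)
    Else
        ParseErrorCode = 0
    End If
End Function

Dim errCode
errCode = ParseErrorCode(CStr(Request.QueryString("e")))
%>
<html>
<body>
<p><%= ErrorMessage(errCode) %></p>
<% If Len(Request.QueryString("user")) > 0 Then %>
<p>Login attempted as: <%= Server.HTMLEncode(Request.QueryString("user")) %></p>
<% End If %>
</body>
</html>
```

The login page would then call Response.Redirect("error.asp?e=1") on a failed login, so the only request-derived text that reaches the page is the HTML-encoded user value.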
