
DB Login Security

Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: Classic ASP Discussion
Forum Description: Discussion on Active Server Pages (Classic ASP).
URL: https://forums.webwiz.net/forum_posts.asp?TID=3006
Printed Date: 29 March 2026 at 10:14am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: DB Login Security
Posted By: Scotty32
Subject: DB Login Security
Date Posted: 25 May 2003 at 4:57am

I was randomly looking on 4 Guys From Rolla or something and went to the ASP FAQs site and found this:
http://www.aspfaqs.com/aspfaqs/ShowFAQ.asp?FAQID=197

but I don't understand it....

I don't understand how a hacker can do this.... as my "users" wouldn't ever get "his" link. Could someone please explain it a little better to me?

and I'd also like to know other ways I can secure my login

thanks

(PS: yes I've already put the DB below the htdocs bit)




Replies:
Posted By: Mart
Date Posted: 25 May 2003 at 5:08am
If you are writing something from the querystring, i.e. <%=request.querystring("error")%>, just replace it with <%=server.htmlencode(request.querystring("error"))%> but I don't see how they can hack like that anyway...


Posted By: Scotty32
Date Posted: 25 May 2003 at 5:12am

yeah that's what I was thinking

because on my site I have

<%if request.querystring("error") = "Yes" then response.write("Your Username or Password was wrong, Please try again")%>

so how could they put the HTML into it, and also, like I said, I don't see how you get the "hackers" link anyway.... is it on their site or something

which I doubt my users would see the "hackers" site though

which is why i asked about this



Posted By: Mart
Date Posted: 25 May 2003 at 5:50am
You don't need it for if statements, it's just for writing the querystring without filtering it...


Posted By: Gullanian
Date Posted: 25 May 2003 at 11:37am

yeah you only need to worry about it if you always try to print a querystring value

simple way to overcome it is simply have an error library, so if user comes across error do redirect("error.asp?e=1") and if e=1 then response.write, that way people can't print their own code
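
The two fixes suggested in this thread (an error-code lookup and Server.HTMLEncode), combined as an added example that is not part of the original posts. The page name error.asp and the parameter e follow the reply above; the ErrorMessage function and error code 2 are hypothetical.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' error.asp (page name taken from the thread's "error.asp?e=1").
' The query string only selects a message; its text is never written raw.

' Fixed table of messages keyed by error code.
' Code "2" and its wording are constructed for this example.
Function ErrorMessage(ByVal code)
    Select Case code
        Case "1"
            ErrorMessage = "Your Username or Password was wrong, Please try again"
        Case "2"
            ErrorMessage = "Your session has expired, please log in again"
        Case Else
            ' Unknown, missing or repeated codes all land here.
            ErrorMessage = "An unknown error occurred"
    End Select
End Function

Dim e
' & "" forces a string even when the parameter is absent.
e = Trim(Request.QueryString("e") & "")

' Unsafe pattern discussed in the thread: echoes whatever is in the URL,
' so markup placed in the link would be rendered as part of this page.
'   Response.Write Request.QueryString("error")

' Safe: the visitor only ever sees one of the strings defined above.
Response.Write "<p>" & ErrorMessage(e) & "</p>"

' If a request value has to be displayed, encode it first so the browser
' treats it as text rather than markup.
If Len(e) > 0 Then
    Response.Write "<p>Error code: " & Server.HTMLEncode(e) & "</p>"
End If
%>
```

The login page would send the visitor here with Response.Redirect "error.asp?e=1" after a failed login.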



