Re: Query string variables security risk





Thirsty Traveler wrote:
I have a question regarding the use of query string variables. I understand
this can be a security risk subject to "brute force" attacks. Is this true
and, if so, what is the proper way to handle it? Should they never be used?

Just use stored procedures instead of in-line SQL statements, and
you'll probably be alright. Like the guy above me said, just don't use
query strings for sensitive data.
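
An added example, not part of the original thread: the same query string value handled with in-line SQL and with a bound parameter. The table, URLs and function names are constructed for illustration; SQLite has no stored procedures, so the bound parameter stands in for passing the value to a procedure as a parameter.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", "kettle"), (2, "bob", "lamp"), (3, "carol", "desk")])
    return db

def customer_param(url):
    """Return the raw 'customer' query string value; it is untrusted input."""
    values = parse_qs(urlsplit(url).query).get("customer", [""])
    return values[0]

def lookup_inline(db, url):
    """In-line SQL: the value is pasted into the statement text (vulnerable)."""
    sql = ("SELECT item FROM orders WHERE customer = '"
           + customer_param(url) + "' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, url):
    """Bound parameter: the value travels separately from the statement text."""
    sql = "SELECT item FROM orders WHERE customer = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (customer_param(url),))]

# Constructed requests: a normal one, and one whose value contains a quote.
NORMAL = "https://shop.example/orders?customer=bob"
TAMPERED = "https://shop.example/orders?customer=x%27%20OR%20%271%27%3D%271"

if __name__ == "__main__":
    db = make_db()
    for url in (NORMAL, TAMPERED):
        print(url)
        print("  in-line:", lookup_inline(db, url))  # tampered value changes the WHERE clause
        print("  bound:  ", lookup_bound(db, url))   # tampered value is compared as plain text
```

With the in-line version the tampered request returns every row; with the bound version it matches no customer and returns nothing.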



