Re: Protecting my app from get?
From: Joker (no-spam_at_netzero.com)
Date: 09/30/04
- Previous message: Robert Mark Bram: "Re: Protecting my app from get?"
- In reply to: Robert Mark Bram: "Re: Protecting my app from get?"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 29 Sep 2004 21:04:21 -0600
One suggestion stop using ODBC. This may not solve the problem, but it
will make your application faster.
http://www.aspfaq.com/show.asp?id=2126
Now for the error you might try looking at the articles listed in this
search. One of them might help you I hope.
http://www.aspfaq.com/search.asp?q=80040E14&type=ALL&category=0&numDays=0&order=1
Robert Mark Bram wrote:
> Hi Ray!
>
>
>
>>. Read this.
>>http://www.nextgenss.com/papers/advanced_sql_injection.pdf
>
>
> I had a go at one of the examples with my own site. I tried to log in with
> username:
> ' or 1=1--
> and any password.
>
> I got this:
>
> Error Type:
> Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
> [Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query
> expression 'username = '' or 1=1--''.
> /RobertMarkBram/login/UsersDatabase.asp, line 48
>
> Maybe ASP/IIS is a bit smarter now?
>
> Rob
> :)
>
>
- Previous message: Robert Mark Bram: "Re: Protecting my app from get?"
- In reply to: Robert Mark Bram: "Re: Protecting my app from get?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
