Search Security
-
Hey I have developed a webpage that has a search feature. Now I have read articles in the past that warn about security - how hackers could type bad input that could drop or damage your tables, and ways to go about stopping this from happening. Now does this still apply today with .net v2? As I have noticed it has some built in security that stops you from entering certain characters. If I still should add extra security does anyone know of any good articles or have any pointers? Thanks!
-
tmoney101 wrote:
Now does this still apply today with .net v2?
Absolutely, yes!
tmoney101 wrote:
If I still should add extra security does anyone know of any good articles or have any pointers?
SQL Injection Attacks and Some Tips on How to Prevent Them
-
OK - don't use inline SQL. Use Stored Procedures. HTMLEncode your input. Verify the input to detect common injection conditions. Colin has a good article on how to do this.
Arthur Dent - "That would explain it. All my life I've had this strange feeling that there's something big and sinister going on in the world." Slartibartfast - "No. That's perfectly normal paranoia. Everybody in the universe gets that." Deja View - the feeling that you've seen this post before.
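The "don't use inline SQL" advice from the replies, applied to a search box. This is an added example, not code from the thread: it puts the concatenated query next to the same query with the term bound as a parameter, in C# 2.0 syntax. The `Products` table, its columns, the connection string, the 100-character limit and the class and method names are all assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class ProductSearch   // hypothetical class name
{
    const int MaxTermLength = 100;  // assumed limit for a search box

    // Vulnerable: the term is spliced into the statement, so a quote in the
    // input ends the string literal and the rest is parsed as SQL.
    public static string BuildInlineSql(string term)
    {
        return "SELECT Id, Name FROM Products WHERE Name LIKE '%" + term + "%'";
    }

    // Make LIKE wildcards match literally. '[' goes first, otherwise the
    // brackets added for '%' and '_' would themselves be escaped again.
    public static string EscapeLike(string term)
    {
        return term.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
    }

    // Hardened: constant SQL text; the term is sent separately as a typed value.
    public static SqlCommand BuildSearchCommand(SqlConnection conn, string term)
    {
        if (term == null || term.Length == 0 || term.Length > MaxTermLength)
            throw new ArgumentException("Search term must be 1-100 characters.");
        SqlCommand cmd = new SqlCommand(
            "SELECT Id, Name FROM Products WHERE Name LIKE @pattern", conn);
        // Each character can grow to three when escaped, plus two wildcards.
        SqlParameter p = cmd.Parameters.Add(
            "@pattern", SqlDbType.NVarChar, MaxTermLength * 3 + 2);
        p.Value = "%" + EscapeLike(term) + "%";
        return cmd;
    }

    public static void Main()
    {
        string term = "x' OR '1'='1";   // constructed sample input
        Console.WriteLine(BuildInlineSql(term));
        // Placeholder connection string; the connection is never opened here.
        using (SqlConnection conn = new SqlConnection(
            "Server=(local);Database=Shop;Integrated Security=true"))
        using (SqlCommand cmd = BuildSearchCommand(conn, term))
        {
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine(cmd.Parameters["@pattern"].Value);
        }
    }
}
```

The same parameter binding applies when the command calls a stored procedure (`CommandType.StoredProcedure`), provided the procedure does not itself build SQL by concatenating its arguments.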