----------------------------------------------------------- New Message on BDOTNET
----------------------------------------------------------- From: laks_win Message 7 in Discussion Hi all, Pls visit this blog, and find the excellent links on sql injection (PDFs and others, They all are really superb) http://www.rjdudley.com/blog/CrossSiteScriptingXSSAttacksSQLInjectionAndASPNET.aspx Here, sql injection is explored (the urls, i gone thru)!! http://www.securitydocs.com/library/2656 http://www.sitepoint.com/print/sql-injection-attacks-safe http://www.unixwiz.net/techtips/sql-injection.html Pls visit this blog...stored procedure are also under attack with SQL Injections http://www.dotnetjunkies.com/WebLog/chris.taylor/archive/2004/10/13/28370aspx So the advice is... 1. Validate the user inputs, remove the hack characters and string 2. Use "sp_executesql" over "stored procedure" Try the SQL injections/HTML injections(on ur own site only) and enjoy the HACKs!! Regards Lakshmi Narayanan.R ----------------------------------------------------------- To stop getting this e-mail, or change how often it arrives, go to your E-mail Settings. http://groups.msn.com/bdotnet/_emailsettings.msnw Need help? If you've forgotten your password, please go to Passport Member Services. http://groups.msn.com/_passportredir.msnw?ppmprop=help For other questions or feedback, go to our Contact Us page. http://groups.msn.com/contact If you do not want to receive future e-mail from this MSN group, or if you received this message by mistake, please click the "Remove" link below. On the pre-addressed e-mail message that opens, simply click "Send". Your e-mail address will be deleted from this group's mailing list. mailto:[EMAIL PROTECTED]
