>From: "Paris Lundis" <[EMAIL PROTECTED]>
>Subject: RE: URL Hacks - Solution
>I think the script is a good first attempt and seems to address the URL
>hack threads previously that have gone around.
Thank you. My feelings exactly. As usual, Dave Watts was right when he said
this script doesn't cover enough attacks. However, it was intended to cover
the attack that started this thread. I'll be happy to expand its abilities
if I can get some help.
>so programmatically (SQL wise) what else might one post in the string to
>pick up further data???... May the SQL gods speak...
The fun part about dealing with hack attacks on a public forum like this is
that no one wants to dish any details, which is a good thing, but it does
make projects like this difficult.
>I think if we all chip in with some specifics this program
>could get furthered and cover perhaps other known hack arounds...
If anyone has any other info on database hacks that they'd like to help
defend against, please contact me off list. The more I know about, the
better this script can be.
If you have just general comments, please post them here of course. Maybe
your thought will get someone thinking.
Thanks again, Paris, for the good words and push to continue.
>From: "Bruce, Rodney" <[EMAIL PROTECTED]>
>Subject: RE: URL Hacks - Solution
>URL hacks I think are easier to handle than form.Variables.
As far as I'm concerned, variables are variables. These attacks require
certain language context no matter if they come from urls, forms, etc., so
filtering out the key phrase(s) the right way *should* repel them.
>But I like the
>idea of adding the notification by email when an attempted hack is tried
>and then kicking them off site.
Thanks, Bruce. That's the real meat of my security concepts. If anything
unwanted is going on, I want to know about it and get rid of them. I never
understood why we throw a friendly error message to someone attacking our
system.
But that's just me.