Oops! Sorry! I meant to say "apostrophe" and not "single quotes"...
And sorry 'bout this additional post...

Regards,

- E

>Actually, I DID read the articles before I replied.
>
>If you read it again, the basic problem is not about any "extended
>SQLServer functionality"--it's about how ASP works AND how the database
>server was configured AND how Window$ works.
>
>Sorry, but the attacks mentioned CANNOT be done on any of the database
>servers that I've used. And with PHP, Apache, Linux combination, they just
>don't apply.
>
>Hey, don't get me wrong. I really appreciate any security info but
>personally I don't think they apply here...
>
>- E
>
>HINT: PHP doesn't use another "'" (single quote) character to escape
>another single quote character--it's just basically stupid to do so.
>
>HINT 2: Configure your database server to have, for example, (1) a database
>username/password that can only SELECT -- enough for dynamically generated
>pages (2) a username/password that can only do INSERT or UPDATE, etc. Why
>would I make a username/password for my web pages that can delete important
>table or the entire database itself?
>
>>
>>If you'll thoroughly read the articles, most of those attacks that don't
>>involve the use of extended SQLServer functionality, CAN be done on
>>other RDBMS's. And if nothing else, you'll see the ingenuity of the
>>attackers.
>>
>>Hey, take what you liked, and leave the rest lay.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
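The account split described in HINT 2 above, as an added example that is not part of the original post. It assumes MySQL; the schema `shop`, the table `orders`, the column `id`, the account names and the passwords are hypothetical placeholders.

```sql
-- Added example (assumes MySQL; all names and passwords are placeholders).

-- (1) Read-only account for dynamically generated pages.
CREATE USER 'web_read'@'localhost' IDENTIFIED BY 'CHANGE_ME_READ';
GRANT SELECT ON shop.* TO 'web_read'@'localhost';

-- (2) Write account limited to one table. No DELETE, DROP, ALTER,
--     FILE or GRANT OPTION is given to either account.
CREATE USER 'web_write'@'localhost' IDENTIFIED BY 'CHANGE_ME_WRITE';
GRANT INSERT, UPDATE ON shop.orders TO 'web_write'@'localhost';

-- MySQL requires SELECT on any column named in the WHERE clause of an
-- UPDATE, so a pure INSERT/UPDATE account cannot run
--   UPDATE shop.orders SET status = 'paid' WHERE id = 42;
-- Grant SELECT on the key column only, not on the whole table.
GRANT SELECT (id) ON shop.orders TO 'web_write'@'localhost';

-- Check what each account actually holds.
SHOW GRANTS FOR 'web_read'@'localhost';
SHOW GRANTS FOR 'web_write'@'localhost';

-- Check that nothing broader was granted at the global level
-- (every *_priv column here should be 'N' for both accounts).
SELECT User, Host, Delete_priv, Drop_priv, File_priv, Grant_priv
FROM mysql.user
WHERE User IN ('web_read', 'web_write');
```

The privilege split limits what a compromised page can change or destroy; it does not limit what the read-only account can read, so queries built from user input still need escaping or bound parameters.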

