如何避免被破解!

泌鲁沙夫 — Tue, 17 Apr 2007 09:04:00 GMT

btw, If you RUN IIS 6.0, just disable access to root directory using "e;..\"e; and also, disable "e;Detailed Error Message"e; and replace it with "e;Sorry, and error has occured"e; this way, there is no way for the attempting hacker to get any info back. Also in your ASP code or ASP.NET either use stored procedures, or make addition check statements to look at your Request.QueryString("e;"e;) or Request.Form("e;"e;)... like.. do a instr(stringname,"e;;"e;) test and see if "e;;"e; is found, if so throw exception. because if you enter data into a vulnerable form this will happen:
Lets say you input "e;test' ; ;"e; into the form, then for the following SQL Query
SQLString = "e;Select * From Table1 where Username='"e; & userName & "e;'"e;...
It would look like :
Select * From Table1 where Username='test'; ;
Which would then execute whatever comes after.

And you should test for other similar things, such as comamnds to Delete records and so forth. :)

泌鲁沙夫 2007-04-17 17:04 发表评论

BlogJava-★Daniel's Blog★-文章分类-Java

如何避免被破解!