|
|||||||||
|
|||||||||
|
|||||||||
 |
|||||||||
| |
||
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
|
|||||||||
| |
||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
ASP Free Forums Sponsor:
|
|
|
|
#1
September 25th, 2005, 12:54 AM
|
|||
|
|||
|
these forums are educational and addictive!
You all make it so much fun to post here, and I look at other forums in here and I try to figure stuff out. I've figured out something about javascript and HTML. I learned that javascript can be a seperate file from the HTML file. That's great! it can reduce some clutter for me and contain all of my js commands on one file. On the downside I suppose is remembering references and what does what and goes where. As anyone who knows me knows I'm very much a n00b. I've been exploring computers more in depth since high school. I still need to get a solid understanding of HTML. I guess I need to spend some time in the HTML forums and see what people say about that stuff.
Well, since I'm on the subject, what's SQL injection? I hear that phrase thrown around quite frequently in there and I'd like to know what it means. Remember to explain simply kuz I'm still a n00b 
|
|
#2
September 25th, 2005, 01:43 AM
|
||||
|
||||
|
The fun part is all thanks to me. The educational part has absolutely nothing to do with me
 And SQL injection is when you shape the input given to a specific SQL query so that you manipulate it to perform an action it was not meant to do. For example, if you have a form with a standard username/password login prompt, I could type in a username or password that would alter the SQL query that ran that input, so that the actual query being executed is different than what was intended. This is usually done to insert always true statements and such, so that access will be given regardless of whether or not the password was correct.
|
|
#3
September 25th, 2005, 08:17 AM
|
||||
|
||||
|
hmm.... where's that link you always had in your signature, bcon? rare thing just happened!
|
|
#4
September 25th, 2005, 01:01 PM
|
|||||
|
|||||
|
If you do a search for Injection Attacks there are a lot of examples to help you avoid the problem. The most simple injection attack can be something like:
sql Code:
the closes the string and instead respond with a true statement as 1 does equal 1. The -- will cancel the asp quotation error. Very simple and harmless but with some ingenuity you can do a lot of damage.
__________________
--RP7-- - Rome was built in a day - - nevermind, i've been there... impossible... if (scales=="click" && points=="lots") {me==happy}
|
|
#5
September 25th, 2005, 02:47 PM
|
||||
|
||||
|
Quote:
|
|
#6
September 26th, 2005, 04:01 AM
|
||||
|
||||
|
Quote:
|
|
#7
September 26th, 2005, 11:09 AM
|
||||||
|
||||||
|
Quote:
if that happens......i think he is losing his title of "Troll King" 
|
|
#8
September 26th, 2005, 11:12 AM
|
||||
|
||||
|
Quote:
|
|
#9
September 26th, 2005, 11:15 AM
|
||||||
|
||||||
|
Quote:
ya..... or the world wud become a troll free world 
|
|
#10
September 26th, 2005, 02:11 PM
|
||||
|
||||
|
My kingdom would fall, and the world economy would collapse. Trolling isn't just a hobby, it's the service I give the whole world.....
|
|
| Viewing: ASP Free Forums > Other > ASP Free Lounge > these forums are educational and addictive! |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
