
Thread: Security Do's and Don'ts...

  1. #1
    Join Date
    May 2005
    Posts
    502

    Security Do's and Don'ts...

    I was a little concerned the other day because I read a little something about SQL Injection attacks, quickly tried it on one of my sites and managed to 'hack' into my account. I quickly fixed it, but it's left me wondering how many other things I've left unsecured.

    I do use MS Access databases a lot for smaller websites, but they're not stored in the www directory, but in a database directory elsewhere on the server.

    I use Session and Application variables a lot, is there any way the user can view/set session variables themselves?

    I'm obviously sensible enough not to store passwords anywhere, and not to pass data on the query string unless heavily encrypted...

    Anyone have any advice?

  2. #2
    Join Date
    Jun 2004
    Location
    Kansas City, MO
    Posts
    1,607
    Read the post made by russel.
    It goes over SQL injection and he has some other links to other stuff.

    http://www.webdeveloper.com/forum/sh...ad.php?t=56764

  3. #3
    Join Date
    May 2005
    Posts
    502
    Thanks for the link, I've read over that and I definitely validate all input now.

    Is there a way someone can see what session variables they have set? I presume there must be, perhaps some sort of debugging tool.

    I ask because if one does exist you could definitely do some naughty things on at least one of my websites.

  4. #4
    Join Date
    Jun 2004
    Location
    Kansas City, MO
    Posts
    1,607
    No one can see the session variables, unless I'm missing something. Those should be secure on the server per that session that they were created with.

  5. #5
    Join Date
    Jan 2004
    Location
    Melbourne, Australia
    Posts
    5,298
    You could take a look at, and somehow decrypt your local cookies, which are created when a Session is instantiated. Sessions are not perfect, but that is what we've got.

    Your site will always be hackable. So will mine.

    As long as you cover for the basic security holes, you should be fine. If you're dealing with sensitive data, you could look into an SSL certificate.

    ASP security is well documented. Google it.

    Regards.

  6. #6
    Join Date
    May 2005
    Posts
    502
    OK, thanks
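
Added example, not part of the original thread and not ASP's own code: a simplified Python model of the server-side session design discussed in posts #4 and #5, where the browser holds only a random identifier and the variables stay on the server. The class, function and cookie names are assumptions made for illustration.

```python
import secrets

COOKIE_NAME = "SESSIONID"  # assumed name; classic ASP issues its own ASPSESSIONID... cookie


class SessionStore:
    """Server-side session table: the variables themselves never leave the server."""

    def __init__(self):
        self._sessions = {}  # session id -> dict of session variables

    def create(self):
        sid = secrets.token_urlsafe(32)  # unguessable random identifier
        self._sessions[sid] = {}
        return sid

    def load(self, cookies):
        """Return the variables for the id in the cookie, or None if the id is unknown."""
        return self._sessions.get(cookies.get(COOKIE_NAME, ""))

    def rotate(self, old_sid):
        """Issue a fresh id (for example at login) so a previously exposed id stops working."""
        data = self._sessions.pop(old_sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def is_admin(store, cookies):
    """Authorisation reads only server-side state, never client-supplied fields."""
    session = store.load(cookies)
    return bool(session and session.get("is_admin"))


def demo():
    store = SessionStore()
    sid = store.create()
    store.load({COOKIE_NAME: sid})["user"] = "alice"  # constructed value, set by server code
    results = {
        # The browser adds an extra cookie trying to "set" a session variable: ignored.
        "extra_cookie_ignored": is_admin(store, {COOKIE_NAME: sid, "is_admin": "True"}),
        # The browser sends an id it made up: no session is found.
        "forged_id_rejected": store.load({COOKIE_NAME: "made-up-id"}) is None,
        # Whoever presents the real id gets the session, so the id needs protecting in transit.
        "real_id_accepted": store.load({COOKIE_NAME: sid}) == {"user": "alice"},
    }
    new_sid = store.rotate(sid)
    results["old_id_dead_after_rotate"] = store.load({COOKIE_NAME: sid}) is None
    results["new_id_works"] = store.load({COOKIE_NAME: new_sid}) == {"user": "alice"}
    return results
```

The model shows why the identifier is the sensitive part: it should travel only over an encrypted connection and be replaced when a user logs in.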
