I was a little concerned the other day because I read a little something about SQL Injection attacks, quickly tried it on one of my sites and managed to 'hack' into my account :mad: I quickly fixed it, but it's left me wondering how many other things I've left unsecured.
I do use MS Access databases a lot for smaller websites, but they're not stored in the www directory, but in a database directory elsewhere on the server.
I use Session and Application variables a lot. Is there any way the user can view/set session variables themselves?
I'm obviously sensible enough not to store passwords anywhere, and not to pass data on the query string unless heavily encrypted...
Anyone have any advice?