Eivo Posted June 15, 2007

I am creating a content management system using MsSQL and ASP, and I want to make it as secure as I can. So my question is, what characters should I block the user from entering in my database? And a more general question, what are some things I should do in general to keep myself safe from attacks and the like? Thanks in advance! :)

EDIT: If it helps I am using ASP (not .NET) with JScript (not VB).
zppblood Posted June 15, 2007

http://www.owasp.org/index.php/SQL_injection
Yahweh Posted June 16, 2007

> I am creating a content management system using MsSQL and ASP, and I want to make it as secure as I can. So my question is, what characters should I block the user from entering in my database? And a more general question, what are some things I should do in general to keep myself safe from attacks and the like? Thanks in advance! :)
> EDIT: If it helps I am using ASP (not .NET) with JScript (not VB).

If you're creating stored procedures, then you only need to fill your command object with the correct parameters and SQL Server will take care of the rest.

Otherwise, if you're creating dynamic queries or your queries are embedded in JScript, then escape single quotes (') and double quotes ("). If you're using another database like MySQL, then you should escape backslashes (\) too.
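The command-object approach from the reply above, as an added example that is not part of the original thread: it uses an ADODB.Command with typed parameters from classic ASP JScript, next to the string-concatenated form for comparison. The `articles` table, its columns, the 200-character width and both function names are assumptions made for illustration.

```javascript
// Added example. ES3 syntax only, so it is valid classic ASP JScript.
// ADO constants (values as defined in adojavas.inc / adovbs.inc).
var adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202;
var MAX_TITLE = 200; // assumed width of the hypothetical title column

// For comparison only: dynamic SQL, where user input becomes SQL text.
function buildConcatenatedSql(title) {
    return "SELECT id, body FROM articles WHERE title = '" + title + "'";
}

// Parameterized query: the SQL text is a constant and every user value
// travels as a typed parameter, so no character has to be blocked.
// cmd is an ADODB.Command, conn an open ADODB.Connection.
function prepareArticleLookup(cmd, conn, authorId, title) {
    var id = Number(authorId);
    if (isNaN(id) || id < 1 || id !== Math.floor(id)) {
        throw new Error("authorId must be a positive integer");
    }
    title = String(title);
    if (title.length === 0 || title.length > MAX_TITLE) {
        throw new Error("title must be 1.." + MAX_TITLE + " characters");
    }
    cmd.ActiveConnection = conn;
    cmd.CommandType = adCmdText;
    cmd.CommandText =
        "SELECT id, body FROM articles WHERE author_id = ? AND title = ?";
    // Placeholders are positional: append in the order the ? marks appear.
    cmd.Parameters.Append(
        cmd.CreateParameter("@author_id", adInteger, adParamInput, 4, id));
    cmd.Parameters.Append(
        cmd.CreateParameter("@title", adVarWChar, adParamInput, MAX_TITLE, title));
    return cmd; // caller runs cmd.Execute() to get the recordset
}

// In an ASP page:
//   var cmd = Server.CreateObject("ADODB.Command");
//   var rs = prepareArticleLookup(cmd, conn, authorId, title).Execute();
```
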
Eivo Posted June 18, 2007 (Author)

Thank you.
This topic is now archived and is closed to further replies.