Snitz Forums 2000
 Ever1 become an Admin

HuwR
Forum Admin

United Kingdom
20593 Posts

Posted - 06 January 2002 :  04:23:45
especially considering that midnight on the forum isn't midnight according to the server :)

I am none the wiser; most of the security/hack problems reported in the help forums have been to do with Access databases, which can be pretty easy to download. We do not use Access here, we use SQL.


Nathan
Help Moderator

USA
7664 Posts

Posted - 06 January 2002 :  04:31:38
Yup, that's probably correct.

Hopefully in the future the password encryption will be added. Then there won't be a problem with that anymore.

 Nathan Bales - Romans 15:13
---------------------------------


pweighill
Junior Member

United Kingdom
453 Posts

Posted - 06 January 2002 :  14:52:12
quote:
I am none the wiser; most of the security/hack problems reported in the help forums have been to do with Access databases, which can be pretty easy to download. We do not use Access here, we use SQL.


Using SQL Server doesn't stop you being hacked. You need to make sure that all your SQL code is checked before it is executed on the server.

Most of the string parameters are checked using the chkstring function to make sure that there are no ' in them, but not all the number parameters are checked to see if they are numbers.

I've posted bug reports about some of these before, but some people have just shrugged them off, saying that they wouldn't be passed through as a non-number. Normally they wouldn't be, but we are not talking about the normal situations.

I'm sure some of the other bulletin board systems, even those using PHP, will have similar concerns.

An easy way to check whether there might be a problem is to put a ' or " in each field in a form and see if a nice error message is shown or an obscure one is displayed. If you get an obscure one then it might mean that ' and " are not being checked properly and there might be some problems.

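The point made in pweighill's post above, that a quote check on strings does nothing for a numeric parameter that is never tested for being a number, shown as an added example that is not part of the thread or of the Snitz code base. `chk_quotes` is a hypothetical stand-in for a quote-only check, and the table, rows and input value are constructed.

```python
import sqlite3

def chk_quotes(value: str) -> str:
    """Hypothetical quote-only check: doubles single quotes and nothing else."""
    return value.replace("'", "''")

def parse_id(value: str, max_id: int = 2**31 - 1) -> int:
    """Accept only a plain non-negative ASCII decimal integer in range."""
    if not (value.isascii() and value.isdigit()):
        raise ValueError(f"not a number: {value!r}")
    n = int(value)
    if n > max_id:
        raise ValueError("id out of range")
    return n

def make_db() -> sqlite3.Connection:
    """Constructed sample data: three topics, one of them hidden."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO topics VALUES (?, ?, ?)",
                   [(1, "Welcome", 0), (2, "Rules", 0), (3, "Staff only", 1)])
    return db

def titles_unchecked(db: sqlite3.Connection, topic_id: str) -> list:
    """Weak form: the numeric parameter only gets the quote check, then is concatenated."""
    sql = ("SELECT title FROM topics WHERE hidden = 0 AND id = "
           + chk_quotes(topic_id) + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def titles_checked(db: sqlite3.Connection, topic_id: str) -> list:
    """Hardened form: validate as a number, then bind it as a query parameter."""
    sql = "SELECT title FROM topics WHERE hidden = 0 AND id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (parse_id(topic_id),))]

# Constructed input: it contains no quote characters, so chk_quotes returns it unchanged.
NON_NUMERIC = "2 OR 1=1"

if __name__ == "__main__":
    db = make_db()
    print(titles_unchecked(db, "2"))          # normal request: one visible topic
    print(titles_unchecked(db, NON_NUMERIC))  # filter bypassed, hidden row included
    try:
        titles_checked(db, NON_NUMERIC)
    except ValueError as exc:
        print("rejected:", exc)
```
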

HuwR
Forum Admin

United Kingdom
20593 Posts

Posted - 07 January 2002 :  04:06:29
And how would this compromise the security? If you have examples, then please mail them to one of the administrators.


pweighill
Junior Member

United Kingdom
453 Posts

Posted - 07 January 2002 :  15:16:15
quote:
And how would this compromise the security? If you have examples, then please mail them to one of the administrators.


I have sent yourself and Richard Kinser an example via email.
