someone update my database

Discussion in 'ASP General' started by AA, Feb 27, 2006.

  1. AA

    AA Guest

    hello to aal,

    how its mossible to someone update may database, for now we have a database
    and time to time, someone update a record, changing the information.

    what can i do to avoid this?

    thanks on advance
    AMA
    AA, Feb 27, 2006
    #1
    1. Advertising

  2. AA wrote:
    > hello to aal,
    >
    > how its mossible to someone update may database, for now we have a
    > database and time to time, someone update a record, changing the
    > information.
    >
    > what can i do to avoid this?
    >

    Given the lack of information (database type and version? internet vs
    intranet? etc.) all we can do is guess. Here is my guess, based on my
    assumption that you are using an Access database:

    1. Your use of dynamic sql has left your database exposed to attacks by
    hackers using the sql injection technique
    (http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
    http://www.nextgenss.com/papers/advanced_sql_injection.pdf)
    You can eliminate this threat by using parameters instead of dynamic sql

    http://groups.google.com/groups?hl=...=1&selm=

    http://groups.google.com/groups?hl=...=1&selm=ukS$6S$

    http://www.google.com/groups?selm=&oe=UTF-8&output=gplain

    http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=

    Using Command object to pass values to parameter markers in a sql string:
    http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

    Bob Barrows

    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
    Bob Barrows [MVP], Feb 27, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hartmut Schroth
    Replies:
    3
    Views:
    3,498
    Hartmut Schroth
    Dec 1, 2003
  2. joun
    Replies:
    9
    Views:
    2,235
    W.G. Ryan eMVP
    Nov 30, 2004
  3. joun
    Replies:
    5
    Views:
    2,661
  4. Replies:
    12
    Views:
    800
    Blinky the Shark
    Sep 1, 2005
  5. Selyb Mit
    Replies:
    0
    Views:
    97
    Selyb Mit
    Dec 11, 2010
Loading...

Share This Page