CodeCharge Studio
search Register Login  

Visual PHP Web Development

Visually Create Internationalized Web Applications, Web Reports, Calendars, and more.
CodeCharge.com

YesSoftware Forums -> Archive -> CodeCharge.Discussion

 Injection hacks

 Print topic Send topic

Author Message
Craig Norberg-Bohm
Posted: 07/13/2002, 6:55 PM
To all:

I am concerned about CC being vulnerable to injection hacks out of the box.
Anyone looking into protection coding around the login fields and the search
text fields?

For information on an injection hack, see:
http://www.webmasterbase.com/article.php?pid=140&aid=794

I find that I can write a custom login to protect those fields, but the
search text fields aren't exposed in the search/grid events.

Craig
Alexey Alexapolsky
Posted: 07/15/2002, 5:35 AM
We've taken care about it.
E.g. all field content is escaped,
so that no one could inject sql into it.

--

Alex,
Support Engineer
CodeCharge Team


"Craig Norberg-Bohm" <cnb10@yahoo.com> wrote in message
news:agqlls$afn$1@news.codecharge.com...
> To all:
>
> I am concerned about CC being vulnerable to injection hacks out of the
box.
> Anyone looking into protection coding around the login fields and the
search
> text fields?
>
> For information on an injection hack, see:
> http://www.webmasterbase.com/article.php?pid=140&aid=794
>
> I find that I can write a custom login to protect those fields, but the
> search text fields aren't exposed in the search/grid events.
>
> Craig
>
>
>
Craig Norberg-Bohm
Posted: 07/24/2002, 6:41 PM
Thanks Alex,
I'll trial out some tests.
Let you know how it goes.
Craig

"Alexey Alexapolsky" <alexa@codecharge.com> wrote in message
news:agufio$lgn$2@news.codecharge.com...
> We've taken care about it.
> E.g. all field content is escaped,
> so that no one could inject sql into it.
>
> --
>
> Alex,
> Support Engineer
> CodeCharge Team
>
>
> "Craig Norberg-Bohm" <cnb10@yahoo.com> wrote in message
>news:agqlls$afn$1@news.codecharge.com...
> > To all:
> >
> > I am concerned about CC being vulnerable to injection hacks out of the
> box.
> > Anyone looking into protection coding around the login fields and the
> search
> > text fields?
> >
> > For information on an injection hack, see:
> > http://www.webmasterbase.com/article.php?pid=140&aid=794
> >
> > I find that I can write a custom login to protect those fields, but the
> > search text fields aren't exposed in the search/grid events.
> >
> > Craig
> >
> >
> >
>
>

   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

Internet Database

Visually create Web enabled database applications in minutes.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright © 2003-2004 by UltraApps.com  and YesSoftware, Inc.