silvercover
Posts: 26
|
| Posted: 03/24/2007, 3:03 AM |
|
Hi
I want to ask why CCS does not have security features like hashing, especially for passwords and other sensitive data?
I want to ask whether there are any considerations for preventing SQL injection and other language-specific vulnerabilities? If there are, please explain them to me briefly.
Thanks in advance.
_________________
The more I learn, the less I know! |
 |
 |
peterr
Posts: 5971
|
| Posted: 03/24/2007, 2:23 PM |
|
Quote: I want to ask why CCS does not have security features like hashing, especially for passwords and other sensitive data?
For the same reasons that CCS doesn't have some other features yet. For now encrypting passwords may require a 5-minute change as described at http://forums.codecharge.com/posts.php?post_id=84768
BTW, our Website and this forum don't use hashing and are very secure. Various sensitive data is well protected.
Quote: I want to ask whether there are any considerations for preventing SQL injection and other language-specific vulnerabilities? If there are, please explain them to me briefly.
CCS wraps SQL statements in anti-injection functions. You would need to be more specific about "other language-specific vulnerabilities" because it sounds like you are trying to find problems that don't exist.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
 |
 |
susanpconnick
Posts: 2
|
| Posted: 03/30/2007, 7:24 AM |
|
Peter,
Can you direct me to where I can find specific information in regard to "CCS wraps SQL statements in anti-injection functions"?
My current version of CCS is 2.3.2.26 and we are programming in ASP. I'm most concerned with SQL in regard to MS Access databases.
I did read that the CCToSQL function has some level of "scrubbing", but when I examined my generated code I could not see where the CCToSQL function is being called.
Thanks in advance.
_________________
Sincerely,
Susan |
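
For the ASP and MS Access case raised in this post, an added example (not part of the thread, not CCS-generated code, and making no claim about what CCToSQL does) of a string-concatenated query beside its parameterized ADO form. The table `users`, column `login`, form field `login` and database path are hypothetical.

```vbscript
<%
Option Explicit

' ADO constants (values from adovbs.inc), declared here so the page is self-contained.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

' Hypothetical database path and schema: table "users" with a text column "login".
Const CONN_STR = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\data\app.mdb"

' Pattern to look for when auditing generated code: user input is spliced into
' the SQL text, so the database parses the input as part of the statement.
Function FindUserConcatenated(conn, login)
    Dim sql
    sql = "SELECT id, login FROM users WHERE login = '" & login & "'"
    Set FindUserConcatenated = conn.Execute(sql)
End Function

' Hardened form: the SQL text is constant and the input travels as a typed
' parameter, so it is only ever treated as a value.
Function FindUserParameterized(conn, login)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT id, login FROM users WHERE login = ?"
    ' Size 50 is an assumed column width; the value is trimmed to fit it.
    cmd.Parameters.Append cmd.CreateParameter("login", adVarWChar, adParamInput, 50, Left(login, 50))
    Set FindUserParameterized = cmd.Execute
End Function

Dim conn, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR
Set rs = FindUserParameterized(conn, CStr(Request.Form("login")))
If rs.EOF Then
    Response.Write "No such user"
Else
    ' Encode on output as well; parameters only protect the query.
    Response.Write Server.HTMLEncode(rs("login").Value)
End If
rs.Close
conn.Close
%>
```

When reading generated code, every place where a `Request` value reaches a SQL string without passing through a parameter or an escaping function is a spot to review.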
 |
 |
silvercover
Posts: 26
|
| Posted: 03/30/2007, 9:24 AM |
|
Yes, I think it would be useful to be more detailed about SQL statement security.
_________________
The more I learn, the less I know! |
 |
 |
silvercover
Posts: 26
|
| Posted: 03/30/2007, 9:50 AM |
|
Quote peterr:
You would need to be more specific about "other language-specific vulnerabilities" because it sounds like you are trying to find problems that don't exist.
I am not trying to find problems that don't exist, I am trying to prevent potential problems and risks.
Everybody knows that each web programming language has its own vulnerabilities or, in other words, weaknesses. Here I want to know what the CCS makers did to make CCS more secure. You don't need to be more specific. Just explain the security considerations. For example, what have you done about magic quotes, SQL injection, session security and others? Note that I don't expect the CCS makers to fix the vulnerabilities or weaknesses of programming languages.
_________________
The more I learn, the less I know! |
 |
 |
susanpconnick
Posts: 2
|
| Posted: 04/02/2007, 7:55 PM |
|
Can anyone please direct me to where I can find specific information in regard to "CCS wraps SQL statements in anti-injection functions"?
My current version of CCS is 2.3.2.26 and we are programming in ASP. I'm most concerned with SQL in regard to MS Access databases.
I did read that the CCToSQL function has some level of "scrubbing", but when I examined my generated code I could not see where the CCToSQL function is being called.
Thanks in advance.
_________________
Sincerely,
Susan
 |
 |
whiterabbitwond
Posts: 28
|
| Posted: 04/26/2007, 9:09 AM |
|
I would like to add my vote to being able to see specifically some of the ways that CodeCharge helps to protect against various exploits. Specifically SQL injections, session security etc. Thanks.
|
 |
 |
silvercover
Posts: 26
|
| Posted: 04/26/2007, 9:19 AM |
|
Well, CodeCharge Studio engineers, where are you?
We want your comments please.
_________________
The more I learn, the less I know! |
 |
 |
Wkempees
|
| Posted: 04/27/2007, 3:21 AM |
|
This is a USER forum, so awaiting reply from the developers might take
some time.
You always have the option of contacting support.
Walter
|
|
|
 |
JimmyCrackedCorn
Posts: 583
|
| Posted: 04/27/2007, 9:13 AM |
|
Since YesSoftware already participated in this thread it seems reasonable to expect they would continue to do so!
_________________
Walter Kempees...you are dearly missed. |
 |
 |
silvercover
Posts: 26
|
| Posted: 04/27/2007, 9:43 AM |
|
Yes, I agree with JimmyCrackedCorn.
_________________
The more I learn, the less I know! |
 |
 |
wkempees
|
| Posted: 04/28/2007, 4:58 AM |
|
Sorry, just friendly advice.
He, Silvercover, was addressing engineers plural.
Walter
"JimmyCrackedCorn" <JimmyCrackedCorn@forum.codecharge> wrote in message
news:24632212b9c346@news.codecharge.com...
> since YESsoftware already participated in this thread it seems reasonable
> to
> expect they would continue to do so!
> ---------------------------------------
> Sent from YesSoftware forum
> http://forums.yessoftware.com/
>
|
|
|
 |