
 

Author someone update my database
AA

2006-02-27, 7:55 am

Hello to all,

How is it possible for someone to update my database? For now we have a database,
and from time to time someone updates a record, changing the information.

What can I do to avoid this?

Thanks in advance
AMA


Bob Barrows [MVP]

2006-02-27, 6:56 pm

AA wrote:
> Hello to all,
>
> How is it possible for someone to update my database? For now we have a
> database, and from time to time someone updates a record, changing the
> information.
>
> What can I do to avoid this?
>

Given the lack of information (database type and version? internet vs
intranet? etc.) all we can do is guess. Here is my guess, based on my
assumption that you are using an Access database:

1. Your use of dynamic SQL has left your database exposed to attacks by
hackers using the SQL injection technique
(http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
http://www.nextgenss.com/papers/adv...l_injection.pdf).
You can eliminate this threat by using parameters instead of dynamic SQL:

http://groups.google.com/groups?hl=...ftngp13.phx.gbl

http://groups.google.com/groups?hl=...FTNGP11.phx.gbl

http://www.google.com/groups?selm=e...8&output=gplain

http://www.google.com/groups?hl=en&...FTNGP12.phx.gbl

Using a Command object to pass values to parameter markers in a SQL string:
http://groups-beta.google.com/group...2e36562fee7804e

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
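
The fix recommended in the reply above, as an added example (not code from the thread): a classic ASP/VBScript update that passes values through an ADO Command object with `?` parameter markers instead of concatenating them into the SQL string. The `Customers` table, its columns, the form field names and the connection string are assumptions for illustration.

```vbscript
<%
Option Explicit

' ADO constants (values from adovbs.inc), declared here so the page is self-contained.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202
Const adExecuteNoRecords = 128

' Hypothetical connection string and schema: adjust to your own database.
Const CONN_STR = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\data\app.mdb"

Dim rawId, newEmail, idPattern, conn, cmd, affected
rawId = Trim(Request.Form("id"))
newEmail = Trim(Request.Form("email"))

' Validate before touching the database: id must be 1-9 digits, email bounded.
Set idPattern = New RegExp
idPattern.Pattern = "^\d{1,9}$"
If Not idPattern.Test(rawId) Or Len(newEmail) = 0 Or Len(newEmail) > 100 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Dynamic SQL (the pattern to remove): user input becomes part of the statement text.
' sql = "UPDATE Customers SET Email = '" & newEmail & "' WHERE CustomerID = " & rawId

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The statement text is fixed; values travel separately and are never parsed as SQL.
cmd.CommandText = "UPDATE Customers SET Email = ? WHERE CustomerID = ?"

' Parameters are bound by position, in the order the ? markers appear.
cmd.Parameters.Append cmd.CreateParameter("email", adVarWChar, adParamInput, 100, newEmail)
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(rawId))
cmd.Execute affected, , adCmdText + adExecuteNoRecords

conn.Close
Set cmd = Nothing
Set conn = Nothing
Response.Write "Rows updated: " & affected
%>
```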



Copyright 2008 codecomments.com