Dileepstanley’s Weblog


Prevent Some of the SQL Injection Possibilities

Hi

Yesterday I read an article at http://forums.iis.net/p/1148917/1869844.aspx about SQL injection attacks. There I found something useful for others who are trying to find a way to prevent SQL injection attacks by hackers.

-- In master: stop the public role from reading the INFORMATION_SCHEMA metadata views.
USE [master]
GO
DENY SELECT ON [INFORMATION_SCHEMA].[TABLES] TO [public]
DENY SELECT ON [INFORMATION_SCHEMA].[COLUMNS] TO [public]
DENY SELECT ON [INFORMATION_SCHEMA].[VIEW_COLUMN_USAGE] TO [public]
DENY SELECT ON [INFORMATION_SCHEMA].[CONSTRAINT_COLUMN_USAGE] TO [public]
DENY SELECT ON [INFORMATION_SCHEMA].[COLUMN_PRIVILEGES] TO [public]
GO

-- In the application database: stop the application user from reading the
-- catalog views that list tables, columns, objects and object source text.
USE [Your_Database_name]
GO
DENY SELECT ON [sys].[columns] TO [Your_User]
DENY SELECT ON [sys].[tables] TO [Your_User]
DENY SELECT ON [sys].[syscolumns] TO [Your_User]
DENY SELECT ON [sys].[sysobjects] TO [Your_User]
DENY SELECT ON [sys].[objects] TO [Your_User]
DENY SELECT ON [sys].[syscomments] TO [Your_User]
GO
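A way to confirm that the DENY statements above took effect in the application database, as an added example that is not part of the original post or the linked forum thread. It assumes SQL Server 2008 or later and is run by an administrator; Your_Database_name and Your_User are the post's placeholders. A login that is a member of sysadmin bypasses permission checks, so the DENY entries do nothing for an application that connects with such a login.

```sql
-- Added example (not from the original post). Run as an administrator.
-- Your_Database_name and Your_User are the post's placeholders.
USE [Your_Database_name];
GO

-- 1. Explicit DENY entries recorded for the application user.
--    sys.all_objects is joined because sys.objects does not list
--    system views such as sys.tables.
SELECT pr.name                  AS principal_name,
       SCHEMA_NAME(o.schema_id) AS securable_schema,
       o.name                   AS securable_name,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
JOIN sys.all_objects AS o
  ON o.object_id = pe.major_id
WHERE pe.class = 1            -- object-level permission
  AND pe.state = 'D'          -- DENY
  AND pr.name = N'Your_User'
ORDER BY securable_schema, securable_name;

-- 2. Effective permission, evaluated in the application user's context.
EXECUTE AS USER = N'Your_User';

SELECT v.view_name,
       HAS_PERMS_BY_NAME(v.view_name, N'OBJECT', N'SELECT') AS can_select  -- 1 = allowed, 0 = not allowed
FROM (VALUES (N'sys.columns'), (N'sys.tables'), (N'sys.syscolumns'),
             (N'sys.sysobjects'), (N'sys.objects'), (N'sys.syscomments')
     ) AS v(view_name);

-- 3. The same check with a real query; a permission error is caught and printed.
BEGIN TRY
    SELECT TOP (1) name FROM sys.tables;
    PRINT 'sys.tables is still readable by Your_User';
END TRY
BEGIN CATCH
    PRINT 'Blocked: ' + CAST(ERROR_NUMBER() AS varchar(10)) + ' ' + ERROR_MESSAGE();
END CATCH;

REVERT;   -- return to the administrator context
GO
```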

 

<%
' Redirect to the error page when the query string or the posted form data
' contains a character sequence commonly used in SQL injection: ;  --  '

' Statement separator
str = Request.ServerVariables("QUERY_STRING")
If InStr(str, ";") Then Response.Redirect("/404msg.asp")
str = Request.Form
If InStr(str, ";") Then Response.Redirect("/404msg.asp")

' SQL comment marker
str = Request.ServerVariables("QUERY_STRING")
If InStr(str, "--") Then Response.Redirect("/404msg.asp")
str = Request.Form
If InStr(str, "--") Then Response.Redirect("/404msg.asp")

' String delimiter
str = Request.ServerVariables("QUERY_STRING")
If InStr(str, "'") Then Response.Redirect("/404msg.asp")
str = Request.Form
If InStr(str, "'") Then Response.Redirect("/404msg.asp")
%>

Excuse me for my bad English.

Anyway, bye everyone.

June 23, 2008 Posted by dileepstanley | asp site security, sql injection, sql server security

Antispy check antispyware

Hi all

Yesterday I allowed a web site to run a video. It installed spyware on my machine. It always shows a blinking tray icon for installing new spyware. It is terrible to say that no good antivirus software could find and block it. Today I found an anti-malware tool, Malwarebytes' Anti-Malware 1.17. It is good enough for cleaning the Antispy Check spyware.

 

OK guys

June 19, 2008 Posted by dileepstanley | Uncategorized

It is my first blog ever on the Internet

Hello everybody

This is my first time in my life as a blogger. My intention in registering as a blogger with WordPress is to discuss my experiences and the tips and tricks I use when I am programming. I also want to share the pages on web sites that I have found useful for programmers.

OK dears

June 17, 2008 Posted by dileepstanley | Uncategorized