Prevent Some of the SQL Injection Possibilities
Hi,
Yesterday I read an article at http://forums.iis.net/p/1148917/1869844.aspx about SQL injection attacks. There I found something useful for others who are trying to find a way to prevent SQL injection attacks by hackers.
-- Deny the public role SELECT on the INFORMATION_SCHEMA metadata views
use [master]
GO
DENY SELECT ON [INFORMATION_SCHEMA].[TABLES] TO [Public]
DENY SELECT ON [INFORMATION_SCHEMA].[COLUMNS] TO [Public]
DENY SELECT ON [INFORMATION_SCHEMA].[VIEW_COLUMN_USAGE] TO [Public]
DENY SELECT ON [INFORMATION_SCHEMA].[CONSTRAINT_COLUMN_USAGE] TO [Public]
DENY SELECT ON [INFORMATION_SCHEMA].[COLUMN_PRIVILEGES] TO [Public]
GO
-- Deny the application's database user SELECT on the system catalog views
use [Your_Database_name]
GO
DENY SELECT ON [sys].[columns] TO [Your_User]
DENY SELECT ON [sys].[tables] TO [Your_User]
DENY SELECT ON [sys].[syscolumns] TO [Your_User]
DENY SELECT ON [sys].[sysobjects] TO [Your_User]
DENY SELECT ON [sys].[objects] TO [Your_User]
DENY SELECT ON [sys].[syscomments] TO [Your_User]
GO
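A way to confirm that the DENY statements above took effect, as an added example that is not from the original post or the linked forum thread. It assumes SQL Server 2008 or later, the post's placeholders Your_Database_name and Your_User, and a login that is allowed to impersonate that user.

```sql
-- Added example: verify the DENY statements as the restricted user.
-- Assumptions: SQL Server 2008+, placeholders Your_Database_name / Your_User
-- from the post, run by a login allowed to impersonate Your_User.
USE [Your_Database_name];
GO

-- 1) Explicit DENY rows recorded in this database for the user or public.
SELECT pr.name                   AS principal_name,
       pe.state_desc,
       pe.permission_name,
       SCHEMA_NAME(o.schema_id)  AS schema_name,
       o.name                    AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN sys.all_objects          AS o  ON o.object_id     = pe.major_id
WHERE pe.class = 1               -- object or column permissions
  AND pe.state = 'D'             -- DENY
  AND pr.name IN (N'Your_User', N'public')
ORDER BY schema_name, object_name;
GO

-- 2) Effective permission while impersonating the application user.
--    1 = SELECT allowed, 0 = not allowed, NULL = the check itself failed
--    (for example, the name could not be resolved).
EXECUTE AS USER = N'Your_User';

SELECT v.securable,
       HAS_PERMS_BY_NAME(v.securable, N'OBJECT', N'SELECT') AS can_select
FROM (VALUES (N'sys.columns'), (N'sys.tables'), (N'sys.syscolumns'),
             (N'sys.sysobjects'), (N'sys.objects'), (N'sys.syscomments'),
             (N'INFORMATION_SCHEMA.TABLES'), (N'INFORMATION_SCHEMA.COLUMNS')
     ) AS v(securable);

-- 3) Live attempt; dynamic SQL so the error is raised inside the TRY scope.
BEGIN TRY
    EXEC sys.sp_executesql N'SELECT TOP (1) name FROM sys.tables;';
    SELECT N'sys.tables is still readable' AS result;
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER()  AS error_number,   -- 229 = permission denied
           ERROR_MESSAGE() AS error_message;
END CATCH;

REVERT;
GO
```

Run it after every change to the user's role memberships, and exercise the application as well, since any of its own queries that read these views will fail the same way.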
<%
' Redirect to the error page when the query string or the posted form data
' contains a semicolon, a double dash (SQL comment marker) or a single quote.
str = request.servervariables("QUERY_STRING")
if instr(str, ";") then response.redirect("/404msg.asp")
str = Request.Form
if instr(str, ";") then response.redirect("/404msg.asp")
str = request.servervariables("QUERY_STRING")
if instr(str, "--") then response.redirect("/404msg.asp")
str = Request.Form
if instr(str, "--") then response.redirect("/404msg.asp")
str = request.servervariables("QUERY_STRING")
if instr(str, "'") then response.redirect("/404msg.asp")
str = Request.Form
if instr(str, "'") then response.redirect("/404msg.asp")
%>
Excuse me for my bad English.
Anyway, bye everyone.