Hi

Yesterday I read an article at http://forums.iis.net/p/1148917/1869844.aspx. It is about SQL injection attacks. There I found something useful for others who are trying to find something to prevent SQL injection hacker attacks.

use [Master]

GO

DENY SELECT ON [INFORMATION_SCHEMA].[TABLES] TO [Public]

DENY SELECT ON [INFORMATION_SCHEMA].[COLUMNS] TO [Public]

DENY SELECT ON [INFORMATION_SCHEMA].[VIEW_COLUMN_USAGE] TO [Public]

DENY SELECT ON [INFORMATION_SCHEMA].[CONSTRAINT_COLUMN_USAGE] TO [Public]

DENY SELECT ON [INFORMATION_SCHEMA].[COLUMN_PRIVILEGES] TO [Public]

GO

use [Your_Database_name]

GO

DENY SELECT ON [sys].[columns] TO [Your_User]

DENY SELECT ON [sys].[tables] TO [Your_User]

DENY SELECT ON [sys].[syscolumns] TO [Your_User]

DENY SELECT ON [sys].[sysobjects] TO [Your_User]

DENY SELECT ON [sys].[objects] TO [Your_User]

DENY SELECT ON [sys].[syscomments] TO [Your_User]

GO
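A check for the DENY statements above, added here as an example and not taken from the original post or the forum thread: it lists the explicit DENY entries recorded for the user and then tests effective SELECT permission under impersonation. `[Your_Database_name]` and `Your_User` are the post's placeholders, and the caller is assumed to be an administrator with IMPERSONATE permission on that user.

```sql
-- Added example: verify that the DENY statements took effect.
-- Assumptions: [Your_Database_name] and Your_User are the post's placeholders;
-- the caller is an administrator with IMPERSONATE permission on Your_User.
USE [Your_Database_name];
GO

-- 1. Explicit DENY entries recorded for the user on whole objects/views.
--    To check the first batch, run this in master with N'public' instead.
SELECT pr.name                  AS principal_name,
       pe.state_desc            AS permission_state,  -- expect DENY
       pe.permission_name,                            -- expect SELECT
       SCHEMA_NAME(o.schema_id) AS object_schema,
       o.name                   AS securable_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN sys.all_objects          AS o  ON o.object_id     = pe.major_id
WHERE pe.class = 1              -- object or column
  AND pe.minor_id = 0           -- whole object, not a single column
  AND pe.state = 'D'            -- DENY
  AND pr.name = N'Your_User'
ORDER BY object_schema, securable_name;
GO

-- 2. Effective permission as the user sees it. A value of 1 means the
--    user can still SELECT from that view, so the DENY is not in effect.
EXECUTE AS USER = N'Your_User';

SELECT v.securable,
       HAS_PERMS_BY_NAME(v.securable, 'OBJECT', 'SELECT') AS can_select
FROM (VALUES (N'sys.columns'),
             (N'sys.tables'),
             (N'sys.syscolumns'),
             (N'sys.sysobjects'),
             (N'sys.objects'),
             (N'sys.syscomments')) AS v(securable);

REVERT;  -- return to the administrator's security context
GO
```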

 

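<%
' Reject any request whose query string or form body contains
' ";", "--" or "'" by redirecting it to /404msg.asp.
' A character filter like this is defense in depth only: SQL statements
' should still be built with parameters, not string concatenation.

' Statement separator
str = request.servervariables("QUERY_STRING")
if instr(str, ";") then response.redirect("/404msg.asp")
str = Request.Form
if instr(str, ";") then response.redirect("/404msg.asp")

' SQL comment marker
str = request.servervariables("QUERY_STRING")
if instr(str, "--") then response.redirect("/404msg.asp")
str = Request.Form
if instr(str, "--") then response.redirect("/404msg.asp")

' String delimiter (single quote)
str = request.servervariables("QUERY_STRING")
if instr(str, "'") then response.redirect("/404msg.asp")
str = Request.Form
if instr(str, "'") then response.redirect("/404msg.asp")
%>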

Excuse me for my bad English.

Anyway, bye everyone.
