Since we're talking about filters, make sure you also use a filter for semicolons (at the minimum) on any input that is going directly into an SQL statement to prevent your entire database from being deleted.
See SQL Injection Attack. Admin Edit.
This discussion was split off from the original thread, which can be found at Force .DefaultValue to be a string.
16  4379  NeoPa 32,556
Expert Mod 16PB
I see you're developing mind-reading abilities too now Chip.
I was thinking about bringing that into the thread. Now you've found the link I will add it to my frequently used list. This is certainly something that bears repeating.
@ChipR
Did anybody perform it successfully in Access?
NeoPa 32,556
Expert Mod 16PB @FishVal
Are you asking if it's possible to hack into an Access database, or whether anyone has managed to protect an Access database using the techniques suggested?
PS. I will move this to a new thread to avoid swamping the original with this (quite important) discussion.
NeoPa 32,556
Expert Mod 16PB @FishVal
I've done some checking (assuming you're asking if it's possible to hack in that way) and it appears that Access's syntax checking seems to block any attempts I try, but remember this is most often used via a web interface. In that case (using an Access database simply as a Back-End, it is very likely possible as the syntax checking would not be active.
I have a strong feeling that Access back-end cannot execute multiple SQL commands.
P.S. Human beings has many problem that other animals don't have, but at least tail curvature by no means threatens us. :D
NeoPa 32,556
Expert Mod 16PB @FishVal
It wouldn't need to necessarily (although you may well be right).
If some Access SQL were looking for a matching name in an authority table with : - SELECT 9 AS [AuthLevel]
-
FROM [tblSecurity]
-
WHERE [Password]='%ValueHere%'
Assume now that the value entered (to replace %ValueHere%) were :
The real life code would be a little more complicated, but this illustrates the point succinctly I feel.
NeoPa 32,556
Expert Mod 16PB @FishVal
At the time humans were losing their tails into those vestigial stubs we now have, do you think they weren't worried?!!?
NeoPa 32,556
Expert Mod 16PB
OK. I managed to break into a very basic system.
Assume a table : Table=[tblSecurity] - AuthID AutoNumber (PK)
-
AuthName Text (Account name)
-
AuthPW Text (password)
-
AuthCode Numeric (payload)
Data is as follows : - AuthID AuthName AuthPW AuthCode
-
1 NeoPa Ooops 90
-
2 Admin Secret 99
-
3 Other LowLevel 1
Next I ran some code in the immediate window to simulate checking a name and password passed via InputBox() : - strN=InputBox("Enter Name:") : _
-
strP=InputBox("Enter PW:") : _
-
?DLookup("[AuthCode]", _
-
"[tblSecurity]", _
-
"[AuthName]='" & strN & "' AND " & _
-
"[AuthPW]='" & strP & "'")
The data I entered for strN & strP were as follows :
The result, of course, was 99. A full break-in at the highest authority level.
At the time humans were losing their tails into those vestigial stubs we now have, do you think they weren't worried?!!?
Doctors say - there is much stuff in human body which could and should be cut out. Medical purveyed humor ... I hope.
NeoPa 32,556
Expert Mod 16PB @FishVal
You'll never hear more dodgy or worrying humour than from doctors (unless it's from soldiers of course).
@NeoPa
Definitely makes sense.
A way to prevent such kind of attack could be preevaluation of entered criteria with some dummy value which will never occur in the table. -
If Eval("'<impossible password>'='" & strP) Then MsgBox "Cheater, run up and kill yourself against wall"
-
@FishVal
Well. A good example of how one can outsmart himself.
Actually, it is sufficient to replace text delimiters in user input.
...With doubled delimiters for example.
This article is incorrect. SQL doesn't stand for "Structured Query Language". Its official name is Database Lanugage SQL. SQL isn't an acronym. See page XV of SQL by Chris Fehily (ISBN 0321334175).
-Kyle
Off topic AND wrong.
Donald D. Chamberlin and Raymond F. Boyce of IBM subsequently created the Structured English Query Language (SEQUEL) to manipulate and manage data stored in System R.[6] The acronym SEQUEL was later changed to SQL because "SEQUEL" was a trademark of the UK-based Hawker Siddeley aircraft company.[7]
@ChipR
My apologies. I didn't realize I had migrated away from the article. I guess Chris Fehily is on his own with his claim. Every other SQL book I read agrees with you.
-Kyle
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Sati |
last post by:
Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into
link button to a web page. It also injects text in the
textbox when the...
|
by: sati |
last post by:
Thanks.. Since my last post, I have identified a few more
facts on this case.
This code injection occurs in the client browser. The Web
server seems to be sending correct page. So far, I have...
|
by: TCORDON |
last post by:
What is the best way to protect a site against it? Does anyone have a RegEx
to help validate user input?
TIA!
|
by: ss |
last post by:
hi,
can anybody gives me a sample code where the sql injection attack is
validated.
how can i do that in business logic layer and pass the error to the
presentation tier
I want the sample...
|
by: sashi |
last post by:
hi everyone,
Below is a simple function that will give you some protection against an SQL Injection attempt.
what is SQL injection?
SQL injection is a security vulnerability that occurs in...
|
by: Doug |
last post by:
Hi,
I have a question on sql injection attacks. I am building a tool that
will be used exclusively by our other developers and will generate
stored procs for them dynamically based off input...
|
by: sinbuzz |
last post by:
Hi,
I'm curious about the best way to avoid SQL Injection attacks against
my web server.
Currently I'm on IIS.
I might be willing to switch to something like Apache but I'm not sure
if SQL...
|
by: shank |
last post by:
- - - - - - - - - IIS Log File Entry - - - - - - - - - - - - - - - -
GET /sresult.asp...
|
by: Frinavale |
last post by:
SQL Injection Attack
A database is a collection of information organised in such a way that allows computer programs to access data (even large amounts) quickly and easily. Data within a database is...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
| |
