473,242 Members | 4,184 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,242 software developers and data experts.

IIS SQL Injection woes...

Hi,

I'm curious about the best way to avoid SQL Injection attacks against
my web server.

Currently I'm on IIS.

I might be willing to switch to something like Apache but I'm not sure
if SQL Injection is
is a generic enough of an attack to cause me worries once I make the
switch.

Also, I'm looking for ways to prevent hackers from stealing adult
content from my site.

....Bob
http://SinBuzz.com
[ For those who live in Sin ]

Jan 5 '07 #1
29 2070
Quite a fair bit OT for this NG by the way...
I'm curious about the best way to avoid SQL Injection attacks
against
my web server.
As a start, don't ever use string concatenation to build SQL
queries... use parameterised queries instead; this avoids most forms
of SQL injection regardless of the server / architecture.

ASP.Net can also help project various forms of script injection if
enabled

As for stealing content: do you mean re-posting content that they do
have legitimate access to download? (in which case the answer is
probably legal rather than system), or blocking access to things they
don't have access to? (in which case you need to find out about the
IIS and/or ASP.Net security models [or for your chosen product]).
Alternatively, push all such downloads through a proxying page which
accepts a QS param referencing the content, verifies access via your
bespoke model, and then streams the headers and content.

Marc
Jan 5 '07 #2
At 5 Jan 2007 01:12:22 -0800 si*****@gmail.com wrote:
>
Hi,

I'm curious about the best way to avoid SQL Injection attacks against
my web server.

Currently I'm on IIS.

I might be willing to switch to something like Apache but I'm not sure
if SQL Injection is
is a generic enough of an attack to cause me worries once I make the
switch.
I believe the SQL Injection attacks are unique to IIS. Switching to
Apache would be a smart move.
>
Also, I'm looking for ways to prevent hackers from stealing adult
content from my site.
Apache + Linux.
>
...Bob
http://SinBuzz.com
[ For those who live in Sin ]

--
Robert Heller -- 978-544-6933
Deepwoods Software -- Linux Installation and Administration
http://www.deepsoft.com/ -- Web Hosting, with CGI and Database
he****@deepsoft.com -- Contract Programming: C/C++, Tcl/Tk

Jan 5 '07 #3
Hi Mark,
>I'm curious about the best way to avoid SQL Injection attacks against
my web server.

As a start, don't ever use string concatenation to build SQL queries...
use parameterised queries instead; this avoids most forms of SQL injection
regardless of the server / architecture.
I'm unaware of any other forms of SQL injection other than what can occur
when SQL is concatenated from the usual hard-coded SQL strings and user
input. Parameterized queries should solve the problem completely.

Am I missing something?

<snip>

--
Dave Sexton
http://davesexton.com/blog
Jan 5 '07 #4
I was hedging... I agree - I just didn't want to specify it as an
absolute ;-p

Marc
Jan 5 '07 #5
Hi Robert,

IIS has nothing to do with SQL injection attacks, which can occur when your
code constructs an SQL statement based on hard-coded SQL and user input.
This can occur on any development platform, in any language and on any
server.

It's simply a matter of design.

--
Dave Sexton
http://davesexton.com/blog

"Robert Heller" <he****@deepsoft.comwrote in message
news:9d**************************@news.news-service.com...
At 5 Jan 2007 01:12:22 -0800 si*****@gmail.com wrote:
>>
Hi,

I'm curious about the best way to avoid SQL Injection attacks against
my web server.

Currently I'm on IIS.

I might be willing to switch to something like Apache but I'm not sure
if SQL Injection is
is a generic enough of an attack to cause me worries once I make the
switch.

I believe the SQL Injection attacks are unique to IIS. Switching to
Apache would be a smart move.
>>
Also, I'm looking for ways to prevent hackers from stealing adult
content from my site.

Apache + Linux.
>>
...Bob
http://SinBuzz.com
[ For those who live in Sin ]


--
Robert Heller -- 978-544-6933
Deepwoods Software -- Linux Installation and Administration
http://www.deepsoft.com/ -- Web Hosting, with CGI and Database
he****@deepsoft.com -- Contract Programming: C/C++, Tcl/Tk

Jan 5 '07 #6
si*****@gmail.com wrote:
Hi,

I'm curious about the best way to avoid SQL Injection attacks against
my web server.

Currently I'm on IIS.

I might be willing to switch to something like Apache but I'm not sure
if SQL Injection is
is a generic enough of an attack to cause me worries once I make the
switch.

Also, I'm looking for ways to prevent hackers from stealing adult
content from my site.

...Bob
http://SinBuzz.com
[ For those who live in Sin ]
This is a programming issue rather than a MSSQL or MySQL issue, any form
that uses a dynamically generated query string from user input can be used
for this sort of attack.

The users enter '*' or an equation that resolves to 'true' such as '1=1'.

So the dynamic sql could be something like,
UserInput = '*'
SELECT * FROM usernames WHERE name='UserInput';

That is obviously not what the programmer intended the users to be able to
do. After log in then the same system can be used to collect the entire
structure of the database and possibly even go as far as being able to
adjust grants. Because of SQL's ability to multi query, the UserInput can
be a query too, an UPDATE query for example within a SELECT query.

MySQL would be just as vulnerable as MSSQL in this, because it isn't the
fact that SQL is doing anything wrong, all that is wrong is that there is
no validation between the user input and the actual query.

No decent programmer allows any interaction with a database without the
validation phase.

SLQ | validation | user form

How or where that is done is up to the programmer. I have seen some very
weak validation done in javascript, better in java but best of all in on
the server with the validation code out of scope of the public side of the
web site.

Dynamic SQL will always have a place, because it is so usefull, but always
create the SQL at the server side and ALWAYS combine it with a server side
validation, possibly only ever using stored procedures for this. Afterall
you must know what is valid for a field so the invalid should be easy to
pick out.

Although I said that this is not a MSSQL issue, there is one important point
that has seperated most MySQL and MSSQL to make such weak code less likely
on a UNIX/Linux platform.

PHP tutorials, even from the earliest lessons always take you through a
validation phase, whether there is a SQL database involved or not, right
from your first tutorial of the type 'What is your name?', you are taught
to validate the input from the textBox, even in this case if it is only to
check a name was entered, then you are taken forward into making sure data
is in a range or of a certain type.

So that when the student comes to involving MySQL in their programs they
will think in terms of validation automatically. MSSQL, even it's own
generated code from it's ,net2 GUI, does not include any validation, you
are free to enter anything at all, even in the supposedly secure login
tool. So yes, MS are responsible for this weakness and very likely the vast
majority of code written using MS's .net2 GUI tool is susceptible.

But MySQL could be just as weak if you do not have a validation layer
between the user input and the database engine.

Jan 5 '07 #7
__/ [ Dave Sexton ] on Friday 05 January 2007 10:45 \__
"Robert Heller" <he****@deepsoft.comwrote in message
news:9d**************************@news.news-service.com...
>At 5 Jan 2007 01:12:22 -0800 si*****@gmail.com wrote:
>>>
Hi,

I'm curious about the best way to avoid SQL Injection attacks against
my web server.

Currently I'm on IIS.

I might be willing to switch to something like Apache but I'm not sure
if SQL Injection is
is a generic enough of an attack to cause me worries once I make the
switch.

I believe the SQL Injection attacks are unique to IIS. Switching to
Apache would be a smart move.
>>>
Also, I'm looking for ways to prevent hackers from stealing adult
content from my site.

Apache + Linux.
>>>
...Bob
http://SinBuzz.com
[ For those who live in Sin ]

Hi Robert,

IIS has nothing to do with SQL injection attacks, which can occur when your
code constructs an SQL statement based on hard-coded SQL and user input.
This can occur on any development platform, in any language and on any
server.

It's simply a matter of design.
In case it helps judgment, Microsoft-Watch switched from Windows/ISS to Red
Hat GNU/Linux/Apache last month. The only think going for Windows/IIS are
brochures.

Best wishes,

Roy

--
~~ Best wishes for the new year!

Roy S. Schestowitz | "Avoid missing ball for higher score"
http://Schestowitz.com | RHAT GNU/Linux PGP-Key: 0x74572E8E
11:00am up 78 days 21:14, 6 users, load average: 1.67, 1.40, 1.06
http://iuron.com - help build a non-profit search engine
Jan 5 '07 #8
Jay
Why do parameterise queries help? If someone could come up with a quick example, perhaps that would
show me?

Thanks in anticipation...

"Marc Gravell" <ma**********@gmail.comwrote in message
news:%2****************@TK2MSFTNGP02.phx.gbl...
Quite a fair bit OT for this NG by the way...
I'm curious about the best way to avoid SQL Injection attacks
against
my web server.
As a start, don't ever use string concatenation to build SQL
queries... use parameterised queries instead; this avoids most forms
of SQL injection regardless of the server / architecture.

ASP.Net can also help project various forms of script injection if
enabled

As for stealing content: do you mean re-posting content that they do
have legitimate access to download? (in which case the answer is
probably legal rather than system), or blocking access to things they
don't have access to? (in which case you need to find out about the
IIS and/or ASP.Net security models [or for your chosen product]).
Alternatively, push all such downloads through a proxying page which
accepts a QS param referencing the content, verifies access via your
bespoke model, and then streams the headers and content.

Marc

Jan 5 '07 #9
Simple; in a parameterised query the RDBMS knows that the
parameterised token (be it "?" or "@something") represents a value,
and does not treat it as literal replacement - e.g.

string sql = "SELECT * FROM CUSTOMER WHERE Name = ?";

Then it doesn't matter what the parameter value contains...
string sql = "SELECT * FROM CUSTOMER WHERE Name = '" + name + "'";

In the latter, the "O'Reilly" family will cause problems, but not
nearly as much trouble as the "O' DELETE FROM CUSTOMER" family...

Marc
Jan 5 '07 #10
Jay
Thanks Marc, that's made it crystal clear.

Jay
"Marc Gravell" <ma**********@gmail.comwrote in message
news:em*************@TK2MSFTNGP04.phx.gbl...
Simple; in a parameterised query the RDBMS knows that the
parameterised token (be it "?" or "@something") represents a value,
and does not treat it as literal replacement - e.g.

string sql = "SELECT * FROM CUSTOMER WHERE Name = ?";

Then it doesn't matter what the parameter value contains...
string sql = "SELECT * FROM CUSTOMER WHERE Name = '" + name + "'";

In the latter, the "O'Reilly" family will cause problems, but not
nearly as much trouble as the "O' DELETE FROM CUSTOMER" family...

Marc

Jan 5 '07 #11
si*****@gmail.com wrote:
Hi,

I'm curious about the best way to avoid SQL Injection attacks against
my web server.
Marked as off-topic spam, Roy Schestowitz.

Please keep posts on-topic to the charter of this newsgroup; Linux
advocacy. Failing to do so disrupts
the group, floods it with off-topic spam and plays a part in ruining the
medium for everyone.

Please exercise some newsgroup etiquette, Roy Schestowitz. See:

http://www.faqs.org/faqs/usenet/posting-rules/part1/
Jan 5 '07 #12
["Followup-To:" header set to comp.os.linux.advocacy.]
On 2007-01-05, Robert Heller <he****@deepsoft.comwrote:
At 5 Jan 2007 01:12:22 -0800 si*****@gmail.com wrote:
I believe the SQL Injection attacks are unique to IIS. Switching to
Apache would be a smart move.
Nope. SQL injection attacks are against web applications, not web
servers. Whether you are running IIS or Apache is irrelevant. In
practice, SQL injections attacks against poorly written PHP applications
running on Apache are very common. Such widespread PHP applications as
wordpress and phpBB have been vulnerable, for example.
Jan 5 '07 #13
In comp.os.linux.advocacy si*****@gmail.com wrote:
Hi,

I'm curious about the best way to avoid SQL Injection attacks against
my web server.

Currently I'm on IIS.

I might be willing to switch to something like Apache but I'm not sure
if SQL Injection is
is a generic enough of an attack to cause me worries once I make the
switch.

Also, I'm looking for ways to prevent hackers from stealing adult
content from my site.

...Bob
http://SinBuzz.com
[ For those who live in Sin ]
Hi, if you dont understand that an sql injection attack has nothing to
do with what is discretely known today as a *webserver* in the line of
IIS or Apache, but instead what is discretely known today as a *database*
in the line of Oracle or MSSQL, then you need to SHUT THE FUCK UP AND
GO THE FUCK AWAY, ASSHOLE.

kthx,


-----yttrx

--
http://www.yttrx.net

Jan 5 '07 #14
In comp.os.linux.misc si*****@gmail.com wrote:
: Also, I'm looking for ways to prevent hackers from stealing adult
: content from my site.

Aside from taking your machine off the net there is no 100% foolproof
way to stop a determined cracker from getting into your system.
Best you can do is to make it difficult.

Stan
--
Stan Bischof ("stan" at the below domain)
www.worldbadminton.com
Jan 5 '07 #15
ed
On Fri, 5 Jan 2007 05:45:23 -0500
"Dave Sexton" <dave@jwa[remove.this]online.comwrote:
Hi Robert,

IIS has nothing to do with SQL injection attacks, which can occur
when your code constructs an SQL statement based on hard-coded SQL
and user input. This can occur on any development platform, in any
language and on any server.
i think he is confusing with the sql worms from SQLServer.

--
Regards, Ed :: http://www.ednevitable.co.uk
just another python hacker
In an episode of Pokémon that never made it to the states Vin Diesel
rapes Ash’s mom.
Jan 5 '07 #16
st**@worldbadminton.com burped up warm pablum in
news:11**************@newsreg.cos.agilent.com:
In comp.os.linux.misc si*****@gmail.com wrote:
: Also, I'm looking for ways to prevent hackers from stealing adult
: content from my site.

Aside from taking your machine off the net there is no 100% foolproof
way to stop a determined cracker from getting into your system.
Best you can do is to make it difficult.
There are several ways to prevent stealing content. One way is to make
everything free so there is no loss. Not exactly what the OP wants to
hear but...someone named Paul could access all of your content by paying
for one monthly subscription. Everybody else could take content from
Paul. Now you've got one subscriber per month and all of your content
available from Paul for free.

--
Tris Orendorff
[Q: What kind of modem did Jimi Hendrix use?
A: A purple Hayes.]
Jan 8 '07 #17
st**@worldbadminton.com wrote:
In comp.os.linux.misc si*****@gmail.com wrote:
: Also, I'm looking for ways to prevent hackers from stealing adult
: content from my site.

Aside from taking your machine off the net there is no 100% foolproof
way to stop a determined cracker from getting into your system.
Best you can do is to make it difficult.
I am sure there are a few netbanks around the world
that will be sorry to hear that.

Arne
Jan 9 '07 #18
Arne Vajhj wrote:
st**@worldbadminton.com wrote:
>In comp.os.linux.misc si*****@gmail.com wrote:
: Also, I'm looking for ways to prevent hackers from stealing adult
: content from my site.

Aside from taking your machine off the net there is no 100% foolproof
way to stop a determined cracker from getting into your system.
Best you can do is to make it difficult.

I am sure there are a few netbanks around the world
that will be sorry to hear that.
They know it already. They spend a fortune on guarding againts it.
Arne
Jan 9 '07 #19
The Natural Philosopher wrote:
Arne Vajhj wrote:
>st**@worldbadminton.com wrote:
>>In comp.os.linux.misc si*****@gmail.com wrote:
: Also, I'm looking for ways to prevent hackers from stealing adult
: content from my site.

Aside from taking your machine off the net there is no 100% foolproof
way to stop a determined cracker from getting into your system.
Best you can do is to make it difficult.

I am sure there are a few netbanks around the world
that will be sorry to hear that.

They know it already. They spend a fortune on guarding againts it.
If they knew that it would not work, then they would
not spend the money (or even have money to spend).

Arne
Jan 11 '07 #20
They know it already. They spend a fortune on guarding againts it.
If they knew that it would not work, then they would
not spend the money (or even have money to spend).
That is a bit like saying "you can't 100% protect a bank with security
guards, cameras, dye-packs, auto-police-calls, panic buttons and
high-speed shutters; therefore we won't bother with any of those
things, and we won't open".

They make it as dificult to abuse as possible, and as traceable as
possible; law enforcement, insurance and recovery still have a part to
play, however.

Marc

Jan 11 '07 #21
Marc Gravell wrote:
>>They know it already. They spend a fortune on guarding againts it.
>If they knew that it would not work, then they would
not spend the money (or even have money to spend).

That is a bit like saying "you can't 100% protect a bank with security
guards, cameras, dye-packs, auto-police-calls, panic buttons and
high-speed shutters; therefore we won't bother with any of those
things, and we won't open".

They make it as dificult to abuse as possible, and as traceable as
possible; law enforcement, insurance and recovery still have a part to
play, however.

Marc
Yep. The best one I saw in a security audit was a guy with a SUN
workstation on his desk (and on the private internal network) with a
dial in modem permanently wired to a DDI line.

You want to steal customer lists?

Easy. Just work in their accounts department for 6 months.
Jan 11 '07 #22
>Robert Heller wrote:
I believe the SQL Injection attacks are unique to IIS. Switching to
Apache would be a smart move.
I'm sure this has been said but IIS or Apache have nothing to do with
SQL injections. Both can allow it and both can prevent it.
Also, I'm looking for ways to prevent hackers from stealing adult
content from my site.

Apache + Linux.
I am curious on how Apache + Linux keeps someone from stealing content?
To prevent (or try to prevent) someone from stealing you have to take
precautions and code your site in a smart manner. Strongest padlock in
the world won't help if you leave the key in it.
cbmeeks
http://www.codershangout.com

Jan 11 '07 #23
Marc Gravell wrote:
>>They know it already. They spend a fortune on guarding againts it.
>If they knew that it would not work, then they would
not spend the money (or even have money to spend).

That is a bit like saying "you can't 100% protect a bank with security
guards, cameras, dye-packs, auto-police-calls, panic buttons and
high-speed shutters; therefore we won't bother with any of those
things, and we won't open".

They make it as dificult to abuse as possible, and as traceable as
possible; law enforcement, insurance and recovery still have a part to
play, however.
So you also believe that a sufficiently skilled hacker could
break into any banks systems ?

Why don't they ?

The chance for being caught would be small and getting away
with a couple of billion dollars could tempt some ...

Arne
Jan 12 '07 #24
Not necessarily 'any' bank's systems. But certainly some bank's systems.

They try, continually.
"Arne Vajhj" <ar**@vajhoej.dkwrote in message
news:45***********************@news.sunsite.dk...
Marc Gravell wrote:
>>>They know it already. They spend a fortune on guarding againts it.
>>If they knew that it would not work, then they would
not spend the money (or even have money to spend).

That is a bit like saying "you can't 100% protect a bank with security
guards, cameras, dye-packs, auto-police-calls, panic buttons and
high-speed shutters; therefore we won't bother with any of those
things, and we won't open".

They make it as dificult to abuse as possible, and as traceable as
possible; law enforcement, insurance and recovery still have a part to
play, however.

So you also believe that a sufficiently skilled hacker could
break into any banks systems ?

Why don't they ?

The chance for being caught would be small and getting away
with a couple of billion dollars could tempt some ...

Arne

Jan 12 '07 #25
Arne Vajhj wrote:
Marc Gravell wrote:
>>>They know it already. They spend a fortune on guarding againts it.
>>If they knew that it would not work, then they would
not spend the money (or even have money to spend).

That is a bit like saying "you can't 100% protect a bank with security
guards, cameras, dye-packs, auto-police-calls, panic buttons and
high-speed shutters; therefore we won't bother with any of those
things, and we won't open".

They make it as dificult to abuse as possible, and as traceable as
possible; law enforcement, insurance and recovery still have a part to
play, however.

So you also believe that a sufficiently skilled hacker could
break into any banks systems ?
Yes. One way or another, they could.
>
Why don't they ?
Because its a darned sight easier to phish accounts. No special
technical skill required.

And how do you know they have not already done so anyway?

>
The chance for being caught would be small and getting away
with a couple of billion dollars could tempt some ...
Someone probably has, but one thing is for sure: No bank will admit it.

But te chances are actually quite high to get caught..at some stage teh
money goes somewhere..and accounts are traceable as are all transactions.

Why do you think its so hard to open an account these days? Money
laundering for terrorists? Rubbish. Its so that clever hackers (probably
working INSIDE the bank)can't channel funds into anonymous bank acounts.

I heard of one case yesterday here in the UK where the person in charge
of automatic payments in a company, changed the sort code details of
some payments to THEIR account. The NAMES remained the same. No one
spotted the number changes until he had cleaned up over 100,000, He
went to jail, but the bank refused to refund the money.
Arne
Jan 12 '07 #26
Hi Arne,

If you count social engineering, then anything is possible :)

--
Dave Sexton
http://davesexton.com/blog

"Arne Vajhj" <ar**@vajhoej.dkwrote in message
news:45***********************@news.sunsite.dk...
Marc Gravell wrote:
>>>They know it already. They spend a fortune on guarding againts it.
>>If they knew that it would not work, then they would
not spend the money (or even have money to spend).

That is a bit like saying "you can't 100% protect a bank with security
guards, cameras, dye-packs, auto-police-calls, panic buttons and
high-speed shutters; therefore we won't bother with any of those
things, and we won't open".

They make it as dificult to abuse as possible, and as traceable as
possible; law enforcement, insurance and recovery still have a part to
play, however.

So you also believe that a sufficiently skilled hacker could
break into any banks systems ?

Why don't they ?

The chance for being caught would be small and getting away
with a couple of billion dollars could tempt some ...

Arne

Jan 12 '07 #27
Stephany Young wrote:
Not necessarily 'any' bank's systems. But certainly some bank's systems.

They try, continually.
I agree on that one.

There are some systems with security holes. It could even be
the majority of the systems.

But they are not easy to find even for a determined hacker.

Arne
Jan 13 '07 #28
Stephany Young wrote:
Not necessarily 'any' bank's systems. But certainly some bank's systems.
I was just objecting to the claim that it was impossible to
keep a determined hacker out.

Arne
Jan 13 '07 #29
The Natural Philosopher wrote:
Arne Vajhj wrote:
>So you also believe that a sufficiently skilled hacker could
break into any banks systems ?

Yes. One way or another, they could.
>>
Why don't they ?

Because its a darned sight easier to phish accounts. No special
technical skill required.
But why settle for a couple of thousands here and there
from careless users instead of taking a billion or two if
you have the skills ?

>The chance for being caught would be small and getting away
with a couple of billion dollars could tempt some ...

Someone probably has, but one thing is for sure: No bank will admit it.
I don't believe in X-files, Area 51, UFO's etc..
But te chances are actually quite high to get caught..at some stage teh
money goes somewhere..and accounts are traceable as are all transactions.
It seems easier to me to clear the trails of a single huge money
transfer from hacking a bank, than by dozens or hundreds small
money transfers from fishing.
Why do you think its so hard to open an account these days? Money
laundering for terrorists? Rubbish. Its so that clever hackers (probably
working INSIDE the bank)can't channel funds into anonymous bank acounts.

I heard of one case yesterday here in the UK where the person in charge
of automatic payments in a company, changed the sort code details of
some payments to THEIR account. The NAMES remained the same. No one
spotted the number changes until he had cleaned up over 100,000, He
went to jail, but the bank refused to refund the money.
Inside jobs are much harder to protect against. And they do happen
occasionally.

Arne
Jan 13 '07 #30

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: NotGiven | last post by:
Steve wrote, > "And read up on "sql injection" attacks (use your favorite search > engine). As indicated, validate input. e.g. if you expert $_GET > to be integer, then do > > $a =...
11
by: BTR | last post by:
I have been working on this particular project for a little over 2 weeks now. This product contains between 700-900 stored procedures to handle just about all you can imagine within the product. I...
10
by: bregent | last post by:
I've seen plenty of articles and utilities for preventing form injections for ASP.NET, but not too much for classic ASP. Are there any good input validation scripts that you use to avoid form...
8
by: stirrell | last post by:
Hello, One problem that I had been having is stopping email injections on contact forms. I did some research, read up on it and felt like I had created a working solution. I hadn't gotten any...
7
by: | last post by:
There are assorted "SQL Injection vulnerability assessment tools" out there. They scan your site and send your report. They also take your money. We don't have the money so I was wondering if I...
3
by: =?Utf-8?B?Um9kbmV5IFZpYW5h?= | last post by:
IIS 6 SQL Injection Sanitation ISAPI Wildcard at http://www.codeplex.com/IIS6SQLInjection I created an ISAPI dll application to prevent SQL Injection attempts by intercepting the HTTP requests...
2
by: Sudhakar | last post by:
A) validating username in php as part of a registration form a user fills there desired username and this is stored in a mysql. there are certain conditions for the username. a) the username...
12
by: shank | last post by:
I've been hit again using DW, parameterized queries and stored procedures. I'm guessing I was not strict enough with character counts and allowing to long of a string to pass. Aside from that,...
2
by: Brian Bozarth | last post by:
This is weird, I'm pretty familiar with SQL Injection - but we're getting these weird injection that is writing in the default document or home page. What it's doing is putting in script code at...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, youll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.