Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Web Forms filtered with SQL constraints

from [V. Poddubnyy] Network Security [Permanent Link]
Subject: RE: Web Forms filtered with SQL constraints
Date: Wed, 6 Oct 2004 15:19:53 +0400 
Hello!


But I have 2 questions:
      - How can I hide my Jscript filtering from the user ? 
When I want to see the source, everything is diaplayed, quite 
normal :( ... 


As Mike Allison said, it's no matter, that you hide your Jscript. But if you
want to hide it from the beginner users, put it into separate script1.js
file and use <script src="script1.js" /> (ot smth. like that). Remember,
this won't hide code from real attackers...


      - How can I deal with possible SQL errors within an ASP 
page ? I mean, if a field has been filled in, bypass my 
Jscript filtering (no matter how), and gets to the database 
but is then "stopped" by an SQL onstraint, how do I raise 
this error on an ASP page without diplaying an explicit error 
(giving the user the name of my database for instance) ?


Do you mean: "How can I raise error from SQL?", or "How can I handle SQL
errors in ASP?" ?

If the first, read SQL Server Books Online (keyword "raiseerror").

If the second and you use VB, try to use On Error GoTo statement. In
standard VB it looks like:

...
On Error GoTo CheckErr
... Some code ...
Exit Sub
CheckErr:
  If Err.Number = xxx Then
     Handler code
  Else
     write something like "Internal error. Contact support"
  end if
...

I don't remember now, but something like this is in ASP too.

--

I hope, my answer helped you.

--
Best regards,
 Vladimir Poddubnyy
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  public key distribution schemes, Ajay
Next by Date:  Re: New Vulnerability in Microsoft ASP.NET, Adam Tuliper
Previous by Thread:  Re: Web Forms filtered with SQL constraints, Steven Boone
Next by Thread:  RE: Web Forms filtered with SQL constraints, focus
Indexes:  [Date] [Thread] [Top] [All Lists]