SQL Injection in Classic ASP and Possible Solutions
page 1 of 8
Published: 12 Aug 2008
Abstract
Nowadays, SQL injection is a big threat to websites. It is a technique by which hackers execute dangerous SQL commands by taking advantage of unsanitized input in a web application. While there is a good body of best practices for preventing SQL injection in ASP.NET, very little has been written for classic ASP. In this article, Ehsanul examines a quicker and easier way to sanitize input parameters, as well as a design plan for a new website to protect it from SQL injection. After a brief introduction, he demonstrates the technique with the help of relevant source code and screenshots. Towards the end of the article, he provides some tips for avoiding database-related errors and a list of useful reference articles.
by Ehsanul Haque

Introduction

Several communities have already started a few workarounds for this issue. The HP Web Security Research Group published a tool named HP Scrawlr to find SQL injection vulnerabilities in websites, and Microsoft recently released a source code analyzer for SQL injection. But sanitizing all the input fields of a large website is not an easy task.

SQL (Structured Query Language) is a very powerful weapon for hackers. ASP.NET has several built-in mechanisms to protect an application from SQL injection and cross-site scripting, such as ValidateRequest and EnableEventValidation in the page directive. They inspect every request variable for script content to prevent attacks on the application. These features can be set centrally in web.config, where they apply to every page, or set for individual pages in the page directive. We have to build similar functionality in classic ASP, so we will do it in much the same way that ASP.NET protects an application from SQL injection. Normally, hackers target "information collection" forms such as registration, subscription and login forms. Finding this type of form is not hard, since hackers use very smart crawler programs. In the rest of the article, we will build a ValidateRequest system that can inspect all request variables centrally, application-wide as well as page-wide, like the built-in system in ASP.NET.
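The central, ValidateRequest-style check described above, as an added example in classic ASP (VBScript) that is not the article's own code; the include file name validaterequest.inc and the SkipValidateRequest opt-out variable are assumptions:

```vbscript
<%
' Added example, not the article's own code: a central request validator for
' classic ASP modelled on ASP.NET's ValidateRequest. The file name
' (validaterequest.inc) and the opt-out variable name are assumptions.
' Usage: <!--#include file="validaterequest.inc"--> at the top of each page;
' set SkipValidateRequest = True before the include to exempt that page.

' Returns True when a value contains characters or keywords that have no
' business in ordinary form input. This is a blacklist and therefore only a
' safety net: queries should still use parameterized ADODB commands.
Function ContainsSqlInjection(ByVal value)
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    ' Quote, comment markers, statement separator and dangerous keywords.
    re.Pattern = "('|--|/\*|;|\bunion\b|\bselect\b|\binsert\b|\bupdate\b|\bdelete\b|\bdrop\b|\bexec\b|\bxp_)"
    ContainsSqlInjection = re.Test(CStr(value))
End Function

' Inspects one Request collection (QueryString, Form or Cookies) and returns
' the name of the first offending variable, or "" when every value is clean.
' Multi-valued fields are read as their comma-joined string, so all values
' of a repeated field are covered by the single test.
Function FirstBadVariable(ByRef collection)
    Dim key
    FirstBadVariable = ""
    For Each key In collection
        If ContainsSqlInjection(CStr(collection(key))) Then
            FirstBadVariable = key
            Exit Function
        End If
    Next
End Function

' Central check, run on every page that includes this file.
Sub ValidateRequest()
    Dim bad
    bad = FirstBadVariable(Request.QueryString)
    If bad = "" Then bad = FirstBadVariable(Request.Form)
    If bad = "" Then bad = FirstBadVariable(Request.Cookies)
    If bad <> "" Then
        ' Report the variable name only; never echo the offending value back.
        Response.Status = "400 Bad Request"
        Response.Write "Request validation failed for parameter: " & Server.HTMLEncode(bad)
        Response.End
    End If
End Sub

' SkipValidateRequest is Empty unless the page set it, so the check runs by default.
If Not (SkipValidateRequest = True) Then Call ValidateRequest()
%>
```

Keyword filtering of this kind is a safety net for legacy pages, not a substitute for parameterized queries through ADODB.Command; a word such as "select" can also appear legitimately in free text, so expect some false positives on comment fields.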

©Copyright 1998-2009 ASPAlliance.com