SQL INJECTION

19 May 2008 21:14:10 Ben Hyland posted:
Hi, I had an older site fall victim to an SQL INJECTION. I'm cleaning everything up and increasing the security a lot. My question is: I realize form fields need to have server-side validation in the front end, but what about fields in the admin section? I mean, I have the Dreamweaver RESTRICT ACCESS applied on all admin pages; is this enough? Or does every field in the admin section need server-side validation?

Replies

20 May 2008 10:15:48 Alan C replied:
Hi Ben,
Even in my admin section (accessed by managers of properties to update their details) I do JavaScript client-side and then repeat the whole checking server-side, on the assumption that EVERYTHING coming from a form is suspect until it has been cleaned and validated. Sounds tough, I know, but it's far easier and far less stressful to put all that in place at the beginning rather than reacting later.

On one of my client sites some junk adverts are still managing to get through my early version of form data checking.
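
An added illustration of the server-side checking described in the reply above, not code from either poster: a classic ASP (VBScript) admin update handler that validates each field and binds the values through an ADODB parameterized command. The table, column and form-field names and the connection string are hypothetical.

```vbscript
<%
Option Explicit
' Added example. Table, columns, form fields and connection string are
' hypothetical. The page's access-restriction check is assumed to have
' run already; it is NOT treated as input validation.
Const adInteger = 3, adVarWChar = 202, adParamInput = 1
Const adCmdText = 1, adExecuteNoRecords = 128
Const CONN_STR = "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=SiteDb;Integrated Security=SSPI;"

' Returns True only for a string of 1-9 digits (safe to convert with CLng).
Function IsPositiveInt(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsPositiveInt = re.Test(s)
End Function

Dim propId, title, cmd
propId = Trim(Request.Form("id") & "")
title = Trim(Request.Form("title") & "")

' Server-side validation: reject anything outside the expected shape,
' even though the request came from a logged-in admin user.
If Not IsPositiveInt(propId) Or Len(title) = 0 Or Len(title) > 100 Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid input."
    Response.End
End If

' Parameterized command: values are bound, never concatenated into SQL.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = CONN_STR
cmd.CommandType = adCmdText
cmd.CommandText = "UPDATE properties SET title = ? WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("@title", adVarWChar, adParamInput, 100, title)
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , CLng(propId))
cmd.Execute , , adCmdText + adExecuteNoRecords
Set cmd = Nothing

' Encode on output so stored text cannot inject markup into the admin page.
Response.Write "Saved: " & Server.HTMLEncode(title)
%>
```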

20 May 2008 20:23:14 Ben Hyland replied:
Thanks Alan, this is a nightmare. I will then start validating the admin area also! Looks like sleepless nights ahead... I figured the RESTRICT ACCESS BEHAVIOR would have been enough for the admin area, oh well.

Thanks for the tip