Firebird SQL Development
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsDatabasesFirebird SQL Development
Reload this Page

preventing an SQL login hack


Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old September 30th, 2003, 01:41 PM
Demigorgon Demigorgon is offline
Junior Member
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Sep 2003
Posts: 7 Demigorgon User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 m 16 sec
Reputation Power: 0
preventing an SQL login hack
As most of you may or may not know, when you have a username and login screen, ie:

where name = 'name'
and pw = 'pw'

there is a way to make this statement always return true, allowing you to bypass/hack in.

Does MS SQL have any built in function to prevent this, or anyone have any suggestions?
Reply With Quote
  #2  
Old February 27th, 2004, 06:59 AM
Rafael! Rafael! is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Feb 2004
Posts: 12 Rafael! User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Several possibilities
There are some possibilities to make such statements allways true. Each one has prevent functions.
Which one of them do you mean?
______________________________________________

Quote:
Originally Posted by Demigorgon
As most of you may or may not know, when you have a username and login screen, ie:

where name = 'name'
and pw = 'pw'

there is a way to make this statement always return true, allowing you to bypass/hack in.

Does MS SQL have any built in function to prevent this, or anyone have any suggestions?
Reply With Quote
  #3  
Old February 27th, 2004, 11:32 AM
Rafael! Rafael! is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Feb 2004
Posts: 12 Rafael! User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
User Replace function in your application
e.g. in VBasic : Replace(Username, "'", " ")

single quotes = rem --> they are very dangerous
Reply With Quote
Reply

Viewing: Dev Shed ForumsDatabasesFirebird SQL Development > preventing an SQL login hack

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates



Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap