#1
    preventing an SQL login hack


    As most of you may or may not know, when you have a username and login screen, ie:

    where name = 'name'
    and pw = 'pw'

    there is a way to make this statement always return true, allowing you to bypass/hack in.

    Does MS SQL have any built in function to prevent this, or anyone have any suggestions?
  2. #2
    Several possibilities


    There are some possibilities to make such statements always true. Each one has prevention functions.
    Which one of them do you mean?
    ______________________________________________

    Originally Posted by Demigorgon
    As most of you may or may not know, when you have a username and login screen, ie:

    where name = 'name'
    and pw = 'pw'

    there is a way to make this statement always return true, allowing you to bypass/hack in.

    Does MS SQL have any built in function to prevent this, or anyone have any suggestions?
  4. #3
    Use the Replace function in your application


    e.g. in VBasic : Replace(Username, "'", " ")

    single quotes = rem --> they are very dangerous
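
An added example, not part of any post in this thread: the login check from the question written with a bound parameter, so that quote characters in the input stay data and never become SQL text, next to the quote-replacing approach from post #3. Assumptions: Python's in-memory `sqlite3` stands in for MS SQL (the placeholder technique is the same), and the `users` table, its columns, the function names and the salted PBKDF2 hash in place of a stored plain-text `pw` are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3


def hash_pw(password, salt):
    # Salted PBKDF2 hash; the table never holds the plain-text password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    # Constructed sample accounts in an in-memory database (assumption:
    # SQLite here, MS SQL in the thread).
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)"
    )
    for name, pw in [("alice", "correct horse"), ("O'Brien", "s3cret'pw")]:
        salt = os.urandom(16)
        db.execute(
            "INSERT INTO users VALUES (?, ?, ?)", (name, salt, hash_pw(pw, salt))
        )
    return db


def login(db, name, password):
    # The ? placeholder binds name as a value. The driver never splices it
    # into the statement, so a quote in the input cannot end the string
    # literal or alter the WHERE clause.
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        return False
    salt, pw_hash = row
    # The password is checked in application code with a constant-time
    # comparison, not inside the SQL statement.
    return hmac.compare_digest(hash_pw(password, salt), pw_hash)


def login_with_replace(db, name, password):
    # Post #3's approach (quotes replaced by spaces) applied before the
    # lookup: it also rewrites legitimate input that contains an apostrophe.
    return login(db, name.replace("'", " "), password.replace("'", " "))
```

With bound parameters the account `O'Brien` can log in unchanged, while the quote-replacing variant rejects the same correct credentials because it alters both the name and the password before the lookup.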
