Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP 3 Classic ASP Active Server Pages 3.0 > Classic ASP Databases
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Classic ASP Databases Discuss using ASP 3 to work with data in databases, including ASP Database Setup issues from the old P2P forum on this specific subtopic. See also the book forum Beginning ASP.NET Databases for questions specific to that book. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Databases section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old October 27th, 2007, 01:39 AM
Authorized User
 
Join Date: Oct 2006
Location: New Delhi, Delhi, India.
Posts: 60
Thanks: 0
Thanked 0 Times in 0 Posts
Default SQl Injection through ASP and MS SQl 2000

Hello,


I have heard a lot about SQL Injection. I was wondering how does an injector come to know about the table/column name when they cannot see the asp codes in a website?

Can someone explain plz?



Thanx

-----------------------------------------------
www.chargertek.in - Cheapest WebHosting
__________________
-----------------------------------------------
www.chargertek.in - Cheapest WebHosting
Reply With Quote
  #2 (permalink)  
Old October 27th, 2007, 03:21 AM
Imar's Avatar
Wrox Author
Points: 71,768, Level: 100
Points: 71,768, Level: 100 Points: 71,768, Level: 100 Points: 71,768, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,033
Thanks: 80
Thanked 1,582 Times in 1,559 Posts
Default

Hi there,

The information usually comes from two sources: common knowledge (e.g. all SQL Server installations have the same Master database with a well know structure) and error pages that are thrown by the page itself when something goes wrong. That's why it's so important to turn on error pages on the server to hide this kind of information.

You may want to read this PDF: http://www.spidynamics.com/papers/SQ...WhitePaper.pdf for more information.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
While typing this post, I was listening to: Spargi D'Amaro Pianto (Donizetti) by Maria Callas (Track 15 from the album: Maria Callas: The Voice Within the Heart) What's This?
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How Run .sql Script file in MS SQL Server 2000? aarkaycee SQL Server 2000 5 October 12th, 2009 05:43 AM
Database migration MS Access 2003 to MS SQL 2000 ayazhoda SQL Server 2000 3 April 23rd, 2007 11:38 AM
Isolation IN MS SQL 2000 Israr Pro VB Databases 0 October 31st, 2005 09:58 AM
MS SQL 2000 & ASP Adam H-W Classic ASP Databases 3 August 22nd, 2005 07:58 AM
How to use ASP and MS SQL 2000 eapsokha Classic ASP Professional 2 February 26th, 2004 10:59 PM



All times are GMT -4. The time now is 06:22 PM.


Powered by vBulletin®
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.