Wrox Programmer Forums
|
Classic ASP Databases Discuss using ASP 3 to work with data in databases, including ASP Database Setup issues from the old P2P forum on this specific subtopic. See also the book forum Beginning ASP.NET Databases for questions specific to that book. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Databases section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old October 27th, 2007, 01:39 AM
Authorized User
 
Join Date: Oct 2006
Posts: 60
Thanks: 0
Thanked 0 Times in 0 Posts
Default SQl Injection through ASP and MS SQl 2000

Hello,


I have heard a lot about SQL Injection. I was wondering how does an injector come to know about the table/column name when they cannot see the asp codes in a website?

Can someone explain plz?



Thanx

-----------------------------------------------
www.chargertek.in - Cheapest WebHosting
__________________
-----------------------------------------------
www.chargertek.in - Cheapest WebHosting
 
Old October 27th, 2007, 03:21 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Hi there,

The information usually comes from two sources: common knowledge (e.g. all SQL Server installations have the same Master database with a well know structure) and error pages that are thrown by the page itself when something goes wrong. That's why it's so important to turn on error pages on the server to hide this kind of information.

You may want to read this PDF: http://www.spidynamics.com/papers/SQ...WhitePaper.pdf for more information.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
While typing this post, I was listening to: Spargi D'Amaro Pianto (Donizetti) by Maria Callas (Track 15 from the album: Maria Callas: The Voice Within the Heart) What's This?





Similar Threads
Thread Thread Starter Forum Replies Last Post
How Run .sql Script file in MS SQL Server 2000? aarkaycee SQL Server 2000 5 October 12th, 2009 05:43 AM
Database migration MS Access 2003 to MS SQL 2000 ayazhoda SQL Server 2000 3 April 23rd, 2007 11:38 AM
Isolation IN MS SQL 2000 Israr Pro VB Databases 0 October 31st, 2005 10:58 AM
MS SQL 2000 & ASP Adam H-W Classic ASP Databases 3 August 22nd, 2005 07:58 AM
How to use ASP and MS SQL 2000 eapsokha Classic ASP Professional 2 February 26th, 2004 11:59 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.