Need some SQL help


    #11
    Originally posted by Cliphead:
    Excellent!
    Google for SQL injection if you're planning on implementing a web-based interface to a database-backed application.

    Also worth looking up cross-site scripting, and cross-site request forgery

    Comment


      #12
      Originally posted by NickFitz:
      Google for SQL injection if you're planning on implementing a web-based interface to a database-backed application.

      Also worth looking up cross-site scripting, and cross-site request forgery
      http://www.cgisecurity.com/2007/06/27

      Even Microsoft have suffered! They should have employed NF...

      Comment


        #13
        Taken onboard. Learning a lot about this and quite happy that things are as secure as they can be at the moment. I don't know much about SQL but I know UNIX and security so that's a good start.

        I've also quizzed the developers about their methods and asked for their input re security, but not expecting much feedback...
        Me, me, me...

        Comment


          #14
          If your web users are only doing selects on the database, it may be useful practice to make sure their privileges on the database involved are limited to just selects (i.e. stop them being able to insert, update or delete). A belt and braces approach, as you will already be trying to prevent SQL injection at application level as mentioned above. The biggest danger is allowing the hacker to gain userid knowledge from the users table at login.
          Speaking gibberish on internet talkboards since last Michaelmas. Plus here on Twitter

          Comment
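The two layers discussed in this thread (parameterised queries at application level in #11/#12, and a select-only database account in #14) can be shown side by side in a small Python script. This is an added example, not code posted by anyone in the thread. It assumes an in-memory SQLite database with a constructed two-row users table; because SQLite has no GRANT statement, its authorizer callback stands in for the "select-only" privileges you would grant the web account on a server database such as MySQL or SQL Server.

```python
import sqlite3

# Constructed sample data standing in for the application's users table.
SAMPLE_USERS = [("alice", "hash-a"), ("bob", "hash-b")]


def make_db():
    """Full-privilege connection, as the application owner would hold."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def read_only_authorizer(action, arg1, arg2, db_name, trigger):
    """Allow reads only; refuse anything that would change data or schema.

    This is the SQLite equivalent of GRANT SELECT on a server database: the
    DB layer refuses INSERT/UPDATE/DELETE/DROP no matter how the SQL arrived.
    """
    allowed = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}
    return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY


def web_connection():
    """Connection the web tier gets: same data, select-only privileges."""
    conn = make_db()
    conn.set_authorizer(read_only_authorizer)
    return conn


def lookup_user_unsafe(conn, username):
    """Vulnerable: user input is spliced into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def lookup_user_safe(conn, username):
    """Hardened: the value travels as a bound parameter, never as SQL."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def attempt_write(conn):
    """True if a write got through, False if the DB layer refused it."""
    try:
        conn.execute("DELETE FROM users")
        return True
    except sqlite3.DatabaseError:  # SQLite reports a denied action as "not authorized"
        return False


if __name__ == "__main__":
    # Constructed malformed login input: a classic always-true tail.
    bad_input = "' OR '1'='1"
    print("unsafe lookup:", lookup_user_unsafe(web_connection(), bad_input))  # every username leaks
    print("safe lookup:  ", lookup_user_safe(web_connection(), bad_input))    # no match
    print("write as owner:", attempt_write(make_db()))          # True
    print("write as web:  ", attempt_write(web_connection()))   # False
```

Note what each layer does and does not buy you: the select-only account stops the web tier from deleting or altering data even if malformed SQL reaches the database, but it does nothing to stop the unsafe lookup from reading every username, which is exactly the userid leak #14 warns about. Only the parameterised query closes that hole, so the two controls are complementary, not alternatives.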
