Results 1 to 8 of 8

Thread: SQL injection help

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

December 23rd, 2004, 10:13 PM #8
Tiger Shark

View Profile

View Forum Posts

Visit Homepage
AO Ancient: Team Leader

Join Date

Oct 2002

Posts

5,197
Silly question.... I don't have SQL servers open to the public so I'm not really up on it.....

If that is the error response that is provided publicly isn't that a security breach in itself? In my reading it seems that the "standard" is to give a "nothing" error such as "The query cannot be completed" rather than dump the entire table structure for the attacker to see. It's my recollection that they use these verbose errors to enumerate the table structures themselves.....

... or am I wrong here?

Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
Reply With Quote

Quick Navigation Web Security Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: SQL injection help

Thread Tools

Display

Threaded View

Posting Permissions