chorestAccorn
New Member
Hi guys,
My name is Vickie and I work on ASPToday. I wondered if you minded me bouncing something off you?

Last week, on ASPToday we had a security week, and an article on "Protecting your site against SQL injection attacks" did exceptionally well. (This article is free this month btw, so check out http://www.asptoday.com/content/articles/20020225.asp if you are interested.)

Thing is, I think this article appealed to both the ASP.NET programmer and the ASP programmer. Do you agree? Can any of you shed any light on why this article was so popular? I'm really curious, because I understand security is a big topic, but the other articles didn't do as well. I'd love someone's opinions on why this is.

I hope you don't mind me posting this, but as an ex-programmer this is more me getting a grip of real world opinions for my own personal curiosity.

Thanks,
Vickie.

The link you sent appears to be broken. If the article is about SQL injection attacks then it would apply to anyone who used SQL Server as the backend of their site, including ASP and ASP.NET programmers as well as others. SQL injection attacks simply use the lack of validation on user input to manipulate exposed SQL queries. And since it is such a serious security flaw I could see that the article would be very popular.

It *would* be popular to ASP.NET and ASP developers, because it affects them both. For that matter, it should be popular to PHP developers, JSP developers, and any developers using any other technology that takes SQL input for users, and manipulates a DB with it.

In fact, in the ASP Q&A forum on THIS site, there was a long thread within the last couple of weeks on that very topic. In fact, one of the users here showed how vulnerable *this* site (was) to a SQL injection attack. (The hole has since been closed.)

It is a hot topic with developers due to the fact that it is a direct result of design flaws... Not an OS exploit that we apply a patch for, but an exploit that we create with the code we write, and that we can close with good programming and administrative practices.

My two cents.

Xander
(ASP and ASP.NET developer)