Re: Need to know about the vulnerabilities of asp website
Input box is a hacker used an objective, they can by entering a scripting language such as damage caused to the user client; if the input box related to data query, they will use a special query and get more database data, and even the table all. Must therefore be to filter the input box. However, if only in order to improve the efficiency of the legitimacy of the client for input checking, there is still likely to be bypassed.
In dealing with a similar message board, BBS, etc. into the box ASP program, the best screen out HTML, JavaScript, VBScript statements, such as no special requirements, you can limit the number allowed to enter letters and numbers, masked special characters. The same time, restrict the length of input character. And not only the legitimacy of the client for input checking, while the server-side program, similar checks.
I'm the Proud Owner of the most dangerous weapon
known to man kind: Human Brain
Bookmarks