Looks and works fine with me, FF @ 1280x1024
Looks awesome!
"If you're not on the edge, you're taking up too much room!"
- me, 2005
Hi there
The site looks great, however there is one thing you have overlooked. You need to validate your input from request.form and request.querystring. Also if you are using IIS (which I guess you are) you should really set up your own HTTP 500 error page - this will stop errors giving the baddies any clues about your code.
I'll be glad to answer any questions if you have any!
Best of Luck
Very nice looking, unique. Like it a lot.
Herbert ... thanks for the Error 500 tip, will do. All the form info is validated, but only at DB level, I think it's pretty tight against SQL injection, but I'll be going back through before final launch to make sure it's all secure...
sig removed by Zak33
Only way to do it!
I can still get it to fall over though! What I used to do is subclass the request.form and request.querystring objects like this:
Class QueryStringReader
    ' Read a submitted value and strip unwanted strings before it is used
    Function ReadValue(strName)
        Dim strTemp
        strTemp = Request.Form(strName)
        strTemp = Replace(strTemp, "<whatever is dodgy>", "")
        ' .....
        ' .....
        ReadValue = strTemp
    End Function
End Class
Then call this instead of request.querystring etc.....sorry if I am teaching you to suck eggs!
Best of Luck
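An added example, not code from any poster in this thread: the same wrapper idea written as allowlist validation (reject anything that does not match an expected pattern instead of stripping known-bad strings), feeding a parameterized ADO query. The class name InputReader, the "id" and "username" fields, the articles table and the Application("ConnString") connection string are all hypothetical.

```vbscript
<%
' ADO constants, normally supplied by adovbs.inc
Const adInteger = 3
Const adParamInput = 1

Class InputReader
    ' Return the form value only if the whole string matches the allowlist
    ' pattern and is 1..intMaxLen characters long; otherwise return Null.
    Public Function ReadText(strName, strPattern, intMaxLen)
        Dim strTemp, re
        ReadText = Null
        strTemp = Trim(Request.Form(strName) & "")
        If Len(strTemp) = 0 Or Len(strTemp) > intMaxLen Then Exit Function
        Set re = New RegExp
        re.Pattern = "^(?:" & strPattern & ")$"
        If re.Test(strTemp) Then ReadText = strTemp
    End Function

    ' Return the querystring value as a Long only if it is all digits
    ' and inside [lngMin, lngMax]; otherwise return Null.
    Public Function ReadInt(strName, lngMin, lngMax)
        Dim strTemp, re
        ReadInt = Null
        strTemp = Trim(Request.QueryString(strName) & "")
        Set re = New RegExp
        re.Pattern = "^\d{1,9}$"
        If Not re.Test(strTemp) Then Exit Function
        If CLng(strTemp) >= lngMin And CLng(strTemp) <= lngMax Then ReadInt = CLng(strTemp)
    End Function
End Class

Dim reader, lngId, strUser, cmd, rs
Set reader = New InputReader
lngId = reader.ReadInt("id", 1, 999999)                  ' hypothetical field
strUser = reader.ReadText("username", "[A-Za-z0-9_]+", 32) ' hypothetical field
If IsNull(lngId) Or IsNull(strUser) Then
    Response.Status = "400 Bad Request"   ' reject; do not try to repair input
    Response.End
End If

' The value is bound as a typed parameter and never concatenated into SQL.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = Application("ConnString")   ' assumption: set elsewhere
cmd.CommandText = "SELECT title FROM articles WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , lngId)
Set rs = cmd.Execute
%>
```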
No, not at all....I see what you mean, I think that most of my concerns are to do with the integrity of the database, which has parsing to prevent pure injection issues. Keeping the code itself never really occurred to me as worthwhile since unless someone wants to hack the site (which seems more effort than it's worth tbh) there's no real major security issue....
But it's a valid point and one worth bearing in mind...there aren't that many form elements, so shouldn't take too long to fix...
sig removed by Zak33