N
Neil Gould
Ah. That sounds like something my clients might pay for. And, worth bothRecently said:Neil Gould said:Yes, I am aware of those possibilities, and that is why I'm curiousRecently said:[...]
What I'm new to is integrating database functions with ASP, so my
security concerns are mostly in the area of unwanted access to
server-side code by client-side apps or actions.
Be aware that client-side actions can include tampering with
querystring values, saving a local copy of a form, amending the form
fields and submitting it from eg your Desktop etc.
about other such opportunities.
Offhand, though, I don't know what advantage there would be to
amending form fields unless there is also some access to the code
that the form calls. If someone changes the field names in the form
without such access, the form submission should just fail. Added
fields should have no impact, as there isn't code to support the new
fields. Any examples of the kind of risk you had in mind?
LOL. Straight off the top of my head, I once found a site that had
the actual SQL that was being executed stored in a hidden field. Get
the picture?
pennies they paid, too! ;-)
Neil