• WayneS (9/17/2014)


    Sean Lange (9/17/2014)


    ROFLMAO!!!! I just got a dev ticket to look into a website that was written and deployed about 3 years before I got here. The ONLY page on the entire site that does anything more than deliver static content is a page with a form that allows the user to upload a file. I was told this is really important because the last submission received was in 2010. Obviously mission critical functionality here. Add to that it is written in classic ASP. I opened the thing for the first time ever today and it is wide open to SQL injection, JavaScript injection and probably more. There is only 1 way to fix this: take it out to the pasture and shoot it. 😛

    Is this a public facing website? Care to send me a link? 😉

    Not really. 😛 Not wanting to turn something that I can easily blow off for at least 4 years into something I have to fix immediately. It is public facing and truly horrible. It just takes the text boxes and builds a pass-through query blindly. Not even an attempt made to protect anything. Add to that the ability to upload files with no checking on file type or anything at all. The URL alone is enough to gain access to the network and I am not handing out that key. YUCK!!!

    _______________________________________________________________

    Need help? Help us help you.

    Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

    Need to split a string? Try Jeff Moden's splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.

    Cross Tabs and Pivots, Part 1 - Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
    Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
    Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
    Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
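The two defects Sean describes (form text concatenated straight into a pass-through query, and uploads accepted with no file-type check) side by side with their hardened forms, as an added example that is not part of this thread or of the site discussed; the in-memory table, its rows, and the allowed-extension list are constructed assumptions:

```python
import re
import sqlite3
from typing import List, Optional

# Constructed stand-in for the site's submissions table (assumption, not the real schema).
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE submissions (id INTEGER PRIMARY KEY, submitter TEXT, filename TEXT)")
_conn.executemany("INSERT INTO submissions (submitter, filename) VALUES (?, ?)",
                  [("alice", "report.pdf"), ("bob", "budget.csv"), ("carol", "notes.txt")])

def lookup_unsafe(submitter: str) -> List[str]:
    """The pattern the post describes: the text box value becomes part of the SQL text."""
    sql = "SELECT filename FROM submissions WHERE submitter = '" + submitter + "'"
    return [row[0] for row in _conn.execute(sql)]

def lookup_safe(submitter: str) -> List[str]:
    """Hardened form: the value is bound as a parameter, so it can never change the query shape."""
    sql = "SELECT filename FROM submissions WHERE submitter = ?"
    return [row[0] for row in _conn.execute(sql, (submitter,))]

# Upload policy (constructed): short allowlist of extensions, server-controlled names,
# and a leading-bytes check for types whose signature is well known.
ALLOWED_EXTENSIONS = {".pdf", ".txt", ".csv"}
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
MAGIC = {".pdf": b"%PDF-"}

def validate_upload(client_filename: str, content: bytes, max_bytes: int = 5_000_000) -> Optional[str]:
    """Return the filename the server will store under, or None if the upload is rejected."""
    if len(content) > max_bytes:
        return None
    # Drop any directory part the client sent, whichever separator it used.
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    ext = "." + ext.lower() if dot else ""
    # A stem containing a dot (e.g. a double extension) fails SAFE_STEM and is rejected.
    if ext not in ALLOWED_EXTENSIONS or not SAFE_STEM.match(stem):
        return None
    # Extension alone is a claim; check the leading bytes where a signature exists.
    if ext in MAGIC and not content.startswith(MAGIC[ext]):
        return None
    return stem + ext
```

The unsafe lookup returns every row for a single quote-and-OR input while the parameterised one returns nothing, and the upload check rejects path components, double extensions and mismatched content before anything touches disk.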