MPHO4

Mhttp://www.

humm odd! Sorry I'm no help but intregued!

Had to try a post - most bizzare page I've ever seen!
Will put up a screen dump if theis doesn't fix it.

Didn't fix it check this out


>> Edited by .Mark on Monday 27th September 18:16

Tripps said:

PetrolTed said: Let's attack Pistonheads..... Next week: SQL-injection attacks Not really Ted, had enough recently fixing an application of mine against them - not fun

Just get a decent Firewall... Bobs your uncle then

PetrolTed said:

Firewalls aren't foolproof when it comes to SQL injection.

Aye, but like anything else, the better firewalls stop the most.

Checkpoint FW-1 has specific SQL Injection detection and defeating, actually inspecting each packet and determining 'norty' content.

Nothing beats a perfect code, but a good FW will give you 99% more freedom 100% of the time.

No denying tho, the more methods you can implement to keep yourself safe ( Code / Software / Hardware) the better

PetrolTed said:

There are some very simple measures you can take which are good practice and alert you to all sorts of problems and hacking attempts. It took me several years to cotton on to them though!

Thats why try as you might in this industry, nothing can really touch experience. Something the kids dont seem to grasp

PetrolTed said:

How old are you Jamie?

Touché

Just you wait till BTaP, you will pay for that


I am really 42, I just stick a young age in my profile

reminded me, profile trimmed down now.. hadn't touched it in ages, interesting thought re: Profiles and spidering, took me a second to realise what you were insinuating... wasn't the reason for Profile but a cunning insight into your psyche

PetrolTed said:

Tripps said: Not really Ted, had enough recently fixing an application of mine against them - not fun Drop me a line if you want some useful hints on picking these up - I've found some nice and simple solutions after much trial and error.

Cheers Ted,

Might well give you a bell sometime.

We tend to follow best practice now after we had a case a few years back of a junior tester at a client trying to get himself a promotion by hacking apart a web application we were involved in, annoying at the time (days before my holiday) but we learn't a lot.

Its mostly the code I pick up with embedded SQL that suffers, re-implementing as sa stored procedure with lots of checks tends to make things better. Also do extensive client-side field filtering also seems to keep things happy.

Mind you there's always that last minute, burning the midnight oil code that perhaps isn't quite as safe

PetrolTed said:

Sounds like you've got it covered. I tend to code in a bit of a vacuum so sometime miss some obvious techniques used by others.

I know what you mean by a vacuum, I used to have a team at my desposal but now I'm working on me tod I find its easy to miss out on tricks and tips, must expand the company soon rather than waste money of buying a TVR!