WebApp Sec mailing list archives

RE: Web Forms filtered with SQL constraints


From: "V. Poddubnyy" <vpoddubniy () mail ru>
Date: Wed, 6 Oct 2004 15:19:53 +0400

Hello!

But I have 2 questions:
      - How can I hide my Jscript filtering from the user?
When I want to see the source, everything is displayed, quite 
normal :( ... 

As Mike Allison said, it doesn't matter that you hide your Jscript. But if you
want to hide it from beginner users, put it into a separate script1.js
file and use <script src="script1.js" /> (or smth. like that). Remember,
this won't hide the code from real attackers...

      - How can I deal with possible SQL errors within an ASP 
page? I mean, if a field has been filled in, bypasses my 
Jscript filtering (no matter how), and gets to the database 
but is then "stopped" by an SQL constraint, how do I raise 
this error on an ASP page without displaying an explicit error 
(giving the user the name of my database for instance)?

Do you mean: "How can I raise error from SQL?", or "How can I handle SQL
errors in ASP?" ?

If the first, read SQL Server Books Online (keyword "raiseerror").

If the second and you use VB, try to use On Error GoTo statement. In
standard VB it looks like:

...
On Error GoTo CheckErr
' ... Some code ...
Exit Sub
CheckErr:
  If Err.Number = xxx Then
     ' Handler code
  Else
     ' write something like "Internal error. Contact support"
  End If
...

I don't remember now, but something like this is in ASP too.

--

I hope my answer helped you.

--
Best regards,
 Vladimir Poddubnyy 
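
Added example, not part of the original message: one way to do the error handling discussed above in a classic ASP (VBScript) page, so that a constraint violation in the database produces only a generic message for the user while the details stay in the server log. The Application("ConnStr") setting, the Customers table and the "email" form field are assumptions made for illustration.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' ADO constants, declared here so the page needs no include file
Const adCmdText = 1, adVarChar = 200, adParamInput = 1, adExecuteNoRecords = 128

Dim conn, cmd, errNum, errDesc, ref

' VBScript only offers "On Error Resume Next" and "On Error GoTo 0",
' so Err is inspected after the risky calls instead of jumping to a label.
On Error Resume Next

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")        ' assumed: connection string stored server-side

If Err.Number = 0 Then
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Hypothetical table; the value is bound as a parameter, never concatenated
    cmd.CommandText = "INSERT INTO Customers (Email) VALUES (?)"
    cmd.Parameters.Append cmd.CreateParameter("Email", adVarChar, adParamInput, _
                                              255, CStr(Request.Form("email")))
    cmd.Execute , , adExecuteNoRecords  ' a constraint violation raises an error here
End If

' Capture the error before any cleanup call can overwrite it
errNum = Err.Number
errDesc = Err.Description
conn.Close
Err.Clear
On Error GoTo 0

If errNum <> 0 Then
    ' Correlation reference only: lets support find the log entry, not a secret
    Randomize
    ref = Hex(Timer * 100) & Hex(Int(Rnd * 65536))
    ' Detail goes to the IIS log only; the string is kept short and commas are
    ' replaced because the log entry cannot contain them
    Response.AppendToLog " ref=" & ref & " err=" & Hex(errNum) & " " & _
                         Left(Replace(errDesc, ",", ";"), 40)
    Response.Status = "500 Internal Server Error"
    Response.Write "Internal error. Contact support and quote reference " & ref & "."
Else
    Response.Write "Saved."
End If
%>
```

The user never sees Err.Description, which is where the driver puts table, constraint and database names.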