WebApp Sec mailing list archives
RE: Web Forms filtered with SQL constraints
From: "V. Poddubnyy" <vpoddubniy () mail ru>
Date: Wed, 6 Oct 2004 15:19:53 +0400
Hello!
But I have 2 questions: - How can I hide my Jscript filtering from the user ? When I want to see the source, everything is diaplayed, quite normal :( ...
As Mike Allison said, it's no matter, that you hide your Jscript. But if you want to hide it from the beginner users, put it into separate script1.js file and use <script src="script1.js" /> (ot smth. like that). Remember, this won't hide code from real attackers...
- How can I deal with possible SQL errors within an ASP page ? I mean, if a field has been filled in, bypass my Jscript filtering (no matter how), and gets to the database but is then "stopped" by an SQL onstraint, how do I raise this error on an ASP page without diplaying an explicit error (giving the user the name of my database for instance) ?
Do you mean: "How can I raise error from SQL?", or "How can I handle SQL errors in ASP?" ? If the first, read SQL Server Books Online (keyword "raiseerror"). If the second and you use VB, try to use On Error GoTo statement. In standard VB it looks like: ... On Error GoTo CheckErr ... Some code ... Exit Sub CheckErr: If Err.Number = xxx Then Handler code Else write something like "Internal error. Contact support" end if ... I don't remember now, but something like this is in ASP too. -- I hope, my answer helped you. -- Best regards, Vladimir Poddubnyy
Current thread:
- Web Forms filtered with SQL constraints Bénoni MARTIN (Oct 05)
- Re: Web Forms filtered with SQL constraints Ian (Oct 07)
- Re: Web Forms filtered with SQL constraints RSnake (Oct 07)
- Re: Web Forms filtered with SQL constraints Saphyr (Oct 09)
- Re: Web Forms filtered with SQL constraints tie (Oct 07)
- Re: Web Forms filtered with SQL constraints Steven Boone (Oct 07)
- RE: Web Forms filtered with SQL constraints V. Poddubnyy (Oct 08)
- RE: Web Forms filtered with SQL constraints focus (Oct 09)
- Re: Web Forms filtered with SQL constraints Matt Fisher (Oct 09)
- Re: Web Forms filtered with SQL constraints yahoouec (Oct 12)
- <Possible follow-ups>
- RE: Web Forms filtered with SQL constraints Mike Allison (Oct 05)
- Netware ichain Taki Waki (Oct 06)
- RE: Netware ichain Eyal Udassin (Oct 07)
- Netware ichain Taki Waki (Oct 06)
- Re: Web Forms filtered with SQL constraints Tom Stowell (Oct 07)
- RE: Web Forms filtered with SQL constraints Bénoni MARTIN (Oct 09)
- RE: Web Forms filtered with SQL constraints RSnake (Oct 12)
- RE: Web Forms filtered with SQL constraints Dr Death (Oct 12)
(Thread continues...)
- Re: Web Forms filtered with SQL constraints Ian (Oct 07)