[_] Hack attempt

Tim Beadle tim.beadle at gmail.com
Tue Jul 29 11:48:07 BST 2008

On Tue, Jul 29, 2008 at 11:37 AM, Simon Dingley
<newsgroups at creativenrg.co.uk> wrote:
> Thanks Tim, as far as I can tell the intruder did not succeed despite
> repeated attempts which I know about because I get emailed copies of all
> exceptions on the site. The site makes use of Stored Procedures almost
> exclusively which I think was one thing in my favour.

I was tasked with fixing a similar SQL injection attack recently
(which was succeeding) and, despite knowing ~zero ASP, I implemented
the solution described here:
http://blogs.iis.net/nazim/archive/2008/04/28/filtering-sql-injection-from-classic-asp.aspx

It's sticking plaster, but it did the job.

Tim
-- 
Tim Beadle

*** Bathcamp - a BarCamp in Bath - 13th/14th September 2008
Book now at http://bathcamp08.eventbrite.com/ ***