Re: FN-FORUM beginning with databases
date posted 18th April 2001 22:06
heh heh, i can give you a start on those holes - however there are a lot! :)
a better look is at: http://neworder.box.sk
most of the problems are due to microsoft's almost communistic view of
programming - DCOM is a wonderful example, calling an object on a remote
server... also there are network managers who are unaware of certain
things. our previous one didn't seem to realise that there's a little tickbox
to stop the FSO being able to wander outside its parent directory (an
ex-colleague showed our directors this on a few free web hosts and shocked
their socks off). also if they are unaware about some components' abilities
this can cause hassles - several upload components also allow you to
register components via ASP which is very dangerous. especially if someone
ever emulates the virus i made (don't worry it isn't 'infectious' but it
destroys backups as well and it was just a test to see if an idea worked so
don't flame me!)
there is also the almost annually announced new ways of reading your source
code - in IIS5 you can at least encrypt your source (you have to remember to
keep a back up! :) ) - but there may still be servers out there open to
attack via $DATA and translate:f and various others. some even show the
code for global.asa (interdev places your connections as an application
object there - personally i use UDL which afaik is as secure as you get as
long as you place it outside the inetpub). if your source code can be read
then they may get a password for your db which can be a very bad thing.
there are plenty of patches, but plenty of holes as well - have a gander
here: http://www.microsoft.com/technet/security/
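
An added example, not part of the original post: a small audit of a web root for the two exposures described above, connection/data files sitting inside the served directory and credentials written directly into script source. The extension lists, the credential pattern and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# File types that should live outside the web root (assumed list for this example).
DATA_FILE_EXTS = {".udl", ".mdb", ".dsn"}
# Script types whose source would expose anything written in them.
SCRIPT_EXTS = {".asp", ".asa", ".inc"}
# A connection-string credential such as "Password=x" or "pwd=x".
CRED_RE = re.compile(r"(?i)\b(password|pwd)\s*=\s*[^;\"'\s]+")


def audit_web_root(web_root):
    """Return sorted (relative_path, reason) findings for files under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in DATA_FILE_EXTS:
                findings.append((rel, "connection/data file inside web root"))
            elif ext in SCRIPT_EXTS:
                with open(full, "r", errors="replace") as fh:
                    if CRED_RE.search(fh.read()):
                        findings.append((rel, "credential embedded in script source"))
    return sorted(findings)


def build_sample_site(root):
    """Create a constructed sample tree (not from the original post)."""
    samples = {
        "global.asa": 'Application("conn") = "Provider=SQLOLEDB;User ID=web;Password=EXAMPLE-ONLY;"',
        "default.asp": '<% conn.Open "File Name=D:\\private\\site.udl" %>',
        "data/site.udl": "[oledb]\nProvider=SQLOLEDB;Data Source=db1",
        "data/shop.mdb": "placeholder",
    }
    for rel, text in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for rel, reason in audit_web_root(tmp):
            print(f"{rel}: {reason}")
```

In the sample tree, default.asp produces no finding because it only references a UDL file kept outside the web root, which is the layout the post recommends.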
----- Original Message -----
From: "David Taylor" [EMAIL REMOVED]
To: [EMAIL REMOVED]
Sent: Wednesday, April 18, 2001 6:05 PM
Subject: RE: FN-FORUM beginning with databases
> Care to elaborate on these security holes in ASP, Dave?
>
>
> -----Original Message-----
> From: [EMAIL REMOVED]
> [EMAIL REMOVED] Behalf Of dave ecky
> Sent: 18 April 2001 17:43
> To: [EMAIL REMOVED]
> Subject: Re: FN-FORUM beginning with databases
>
>
> databases are pretty easy once you get used to them and waded through the
> spoddish bull that the writers of database books so delight in. once you've
> got the idea of minimising the amount of repeated information the
> design/relationships aspect all falls into place and sql is a pretty simple
> language to work out.
>
> access is a good starter database while asp is a good starting language due
> to its simplicity, extensibility and power (albeit with security holes a
> chinese plane could fly through without hitting an american one). if you
> know your html you might want to look at coldfusion which is a doddle to
> learn and follows a similar structure to html. i wouldn't touch oracle just
> yet - although once you've got the hang of access try sql server, it's good
> but not as good as microsoft seems to think it is.
>
> as for resources try www.webmonkey.com and www.4guysfromrolla.com both of
> these are excellent resources for asp/database, plus this forum is also a
> great resource whatever language you take up.
>
> hth
>
> dave ecky
>
> David Eckersall
> Kinetic North Limited
> A member of the Wize Group of companies
> Reg Co No 4100142
> Reg Office and Business Address
> St James House, Wellington Road North
> Stockport SK4 2QN
> Office Tel - 00 44 161 975 5900
> Office Fax - 00 44 161 975 5924
> Web - http://www.kineticnorth.com
>
> This communication contains information which is confidential and may also
> be privileged. It is for the exclusive use of the intended recipient(s). If
> you are not the intended recipient(s) please note that any form of
> distribution, copying or use of this communication or the information in it
> is strictly prohibited and may be unlawful. If you have received this
> communication in error please return it to the sender. Internet e-mails are
> not necessarily secure. Kinetic North Limited does not accept responsibility
> for changes made to this message after it was sent. Our messages are checked
> for viruses but please note that we do not accept liability for any viruses
> which may be transmitted in or with this message.
>
> ----- Original Message -----
> From: "Simon Raistrick" [EMAIL REMOVED]
> To: [EMAIL REMOVED]
> Sent: Wednesday, April 18, 2001 4:53 PM
> Subject: FN-FORUM beginning with databases
>
>
> > Hi
> >
> > I want to get going with databases but don't really know where to start,
> > and wondered if anyone could help me. My main intended use is building a
> > database driven web site.
> >
> > I have a book on SQL, and am learning it, although it's all abstract as I
> > have nothing to use it with. I was thinking of going the Microsoft route,
> > but what would I use to actually build the database? SQL server? I'm afraid
> > this is the bit I don't quite understand. I've been told MS Access is not
> > very scalable and Oracle is very hard to set up.
> >
> > I'm ready and poised to go buy another book to get this SQL stuff into
> > context, and can't wait to get something going so I can play with this stuff
> > (which is of course a great way to learn too). Eventually I want to get my
> > head round ASP as well.
> >
> > If anyone can help get my muddled concepts into some kind of order, and
> > perhaps point me in a good direction for technologies to use, advice would
> > be appreciated.
> >
> > TIA
> >
> > Simon Raistrick
> > [EMAIL REMOVED] 07780971346
> > http://www.feelmedia.com
> >
> >
> >
> >
> > ============================================================
> >
> > * Free listing for freelancers
> > * Free to advertise jobs
> > * Free jobs distribution service
> > * Free database of 1000 freelancers
> >
> > Freelancers and Freelance Jobs
> > http://www.freelancers.net
> >
> > To post to the Forum:
> > [EMAIL REMOVED]
> >
> > To unsubscribe please email:
> > [EMAIL REMOVED]
> >
> > If you have difficulties unsubscribing please email:
> > [EMAIL REMOVED]
> >
> > To subscribe to the digest for this list or for further information please
> > visit:
> > http://www.freelancers.net/forum.html
>
>
>