Subject: RE: [NF] Gates: You don't need perfect code for security
Author: "Stephen Russell"
Posted: 2003/10/31 14:29:00
 


Yeah Greg, but you still got the data anyway, so if you read "GO SET
NOCOUNT ON GO DROP TABLE MASTER GO" instead of "Select a bunch of shit
from FOO" you're still toast! I try that first statement on online
systems as a check for GO hacking.

Bad Steve!



Stephen Russell
S.R. & Associates
Memphis TN 38115
901.246-0159

The 4 billion dollars that Microsoft spent seems to have run out just
about the time they got to the datagrid. . . .


-----Original Message-----
From: profox-bounces /AT/ leafe DO.T com [mailto:profox-bounces@leafe.com] On
Behalf Of Greg Gum
Sent: Friday, October 31, 2003 1:31 PM
To: profox /AT/ leafe DO.T com
Subject: RE: [NF] Gates: You don't need perfect code for security


What if it was an unexpected SQL statement, i.e., came from a virus or
something? This would at least give you a clue something is going on.

Greg

-----Original Message-----
From: profoxtech-bounces@leafe.com [mailto:profoxtech-bounces /AT/ leafe DO.T com]
On Behalf Of allan lindgren
Sent: Friday, October 31, 2003 12:54 PM
To: profoxtech@leafe.com

Speaking of security, I just had to do a workaround for this. We are
testing our direct marketing module in Office 2003 (Word 11). When the
user previews or prints a merged document, there is a new warning screen
that states "Opening this document will run the following SQL command:
SELECT * FROM C-3000G6YD Data from your database will be placed in the
document. Do you wish to continue?" MS states that this is part of
their new commitment to security. The dialog has a yes and no button. If
you push the YES button, you get the mail merge document with data. If
you push the NO button you get the mail merge document with data.
Question: How is this secure? ;-) We are turning this off for our
customers in the registry.

Allan Lindgren
mailto:allan_lindgren /AT/ starkey DO.T com


> -----Original Message-----

> [mailto:profox-bounces@leafe.com] On Behalf Of James Roark
>
> Subject: [NF] Gates: You don't need perfect code for security
>
>


[excessive quoting removed by server]


 
©2003 Stephen Russell