Sandshot Software  
Update SQL Injection Filter

The SQL Injection filter operates using what is referred to as a white-list approach: input is filtered based on what is expected rather than what is not allowed. This is a much more secure approach as attacks evolve; however, it is also much more likely to result in false detections. The application automatically logs detections so you can adjust the filter as necessary.

  1. Review the detection log, usually located at log_sqlinjections.asp.
  2. Look for items of the type "Invalid Format", as these are the items which resulted in the filter shutting down the page. You can validate the error by pressing the "F" button.
  3. Now enable debugging. To do this, visit your search page with the following querystring: SQLInjection_TestingMode=2. This enables viewing the details of the detection.
  4. Press the "F" button again for the detection. You will now see the complete details. Of importance is the last bulleted item, which displays what triggered the detection:
    Field (????), where ???? is the name of the parameter causing the problem. It will be in all lower case.
    Approved Format (????), where ???? is the format defined in the configuration file.
  5. Open the file db.conn.open.SQL.Injection.asp.
  6. Search for the field name found above. Its entry contains a line such as:
    pstrType = "REGEX:^[A-Za-z0-9\200-\377'.,\s-]+$" 'or something similar
  7. pstrType defines the allowable characters for this parameter. It can be WHITELIST, REGEX, or Numeric. Update as necessary to allow the desired characters.
  8. Save (make sure you have made a back-up) and test.
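
Before saving a changed REGEX value in steps 6 to 8, the candidate pattern can be checked offline against the value that was falsely detected and against values that must stay blocked. The following is an added example, not code from Sandshot Software: the two candidate patterns and all sample values are constructed, and it assumes Python's re module treats the constructs in this pattern the same way as the regular expression engine behind the filter.

```python
import re

# pstrType value quoted in step 6 of the article.
CURRENT = r"REGEX:^[A-Za-z0-9\200-\377'.,\s-]+$"
# Hypothetical edits: one adds only the missing character, one allows anything.
NARROW = r"REGEX:^[A-Za-z0-9\200-\377'.,&\s-]+$"
BROAD = r"REGEX:^.+$"

# Constructed sample values, not taken from a real detection log.
MUST_ACCEPT = ["Salt & Pepper", "O'Brien, J.", "Caf\u00e9 cr\u00e8me"]
MUST_REJECT = ["widgets;", "price=10", "fn(x)"]


def split_pstrtype(value):
    """Split 'REGEX:<pattern>' into its kind and pattern."""
    kind, sep, pattern = value.partition(":")
    if kind != "REGEX" or not sep or not pattern:
        raise ValueError("only REGEX:<pattern> values are handled here")
    return kind, pattern


def review_pattern(pstr_type, must_accept=MUST_ACCEPT, must_reject=MUST_REJECT):
    """Return the sample values a pstrType pattern handles the wrong way."""
    _, pattern = split_pstrtype(pstr_type)
    rx = re.compile(pattern)
    return {
        "wrongly_rejected": [v for v in must_accept if not rx.search(v)],
        "wrongly_accepted": [v for v in must_reject if rx.search(v)],
    }


def safe_to_deploy(pstr_type):
    """True only when the false detection is fixed and nothing new gets through."""
    result = review_pattern(pstr_type)
    return not result["wrongly_rejected"] and not result["wrongly_accepted"]


if __name__ == "__main__":
    for name, value in [("current", CURRENT), ("narrow", NARROW), ("broad", BROAD)]:
        print(name, review_pattern(value), "deploy:", safe_to_deploy(value))
```

Only the narrow edit passes both lists; the catch-all pattern clears the false detection but also admits every value that was meant to stay blocked.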

This article was last updated on Thursday, January 01, 2009 12:00:00 AM
