Preventing SQL injection - can't use cfqueryparam in this case

Hello. I have a form with a checkbox next to each row.  If the user checks some boxes, then clicks the "Delete" button, I want to execute the following query, but I want to protect it from sql injection attacks:
    <cfquery datasource="#application.mainDS#">
        delete userMessages
        where messageID in (#form.messageID#)
    </cfquery>
As written above, it works fine.  But if I try to protect this code with <cfqueryparam value="#form.messageID#" cfsqltype="cf_sql_varchar">, I get this error: "Conversion failed when converting the varchar value '7,21' to data type int" (7 and 21 are the messageID's to be deleted).  Obviously the comma prevents conversion to an integer.
If I use cfsqltype="cf_sql_integer", then the string gets converted to a single integer (in this case 40015, which is nonsense).
I tried passing form.messageID to a stored procedure, but I seemed to have the same problem there.  I could run the query in a loop where I just delete one row at a time, but I'd like to run just one query if I can do it safely.  Any ideas?
Thanks.
PK

I agree that you should not do an SQL "DELETE" from a web page.  Instead, use "soft deletes," where you contrive for there to be a deleted_flag (boolean), and maybe deleted_by (varchar) and deleted_timestamp.  Then create an SQL "VIEW" which automagically omits the "deleted" records.
It is also a very good idea to refer to the records using a nonsensical, made-up "moniker" instead of actual record-IDs.  You see, "if I am a nasty person and I know that there is a record #123456, then I'll bet I know the record-IDs of 123,455 other records, too."  But if you refer to the record as "QZB0E9S" and the next record-id in the list is "4Q_9RJPEM2" then it won't take me long to realize that I can't get too far, not even by brute-force.  (And if I see that the record-IDs seem to have verification tags, like "QZB0E9S:4E396", then I know that I am really scroo'd in my hacking-attempt because even if I did somehow million-monkeys my way into a valid record-ID, I've got no earthly idea how to come up with the tag.)
It pays to code defensively, like this.  And it doesn't really take more time.  Without question, always use <cfqueryparam> !!
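As an added example (not code from this thread), here is the same delete written in Python with sqlite3 so that the fix can be run and checked: the form's comma-separated string is parsed into integers and bound with one placeholder per value, which is the per-element binding ColdFusion's cfqueryparam performs when given list="true", and the delete is the soft delete behind a VIEW that the reply above recommends. The table schema beyond messageID, the view name and the user name are assumptions for the demo.

```python
import re
import sqlite3

# Constructed stand-in for the page's userMessages table, plus the soft-delete
# columns and VIEW the reply recommends (names other than messageID assumed).
SCHEMA = """
CREATE TABLE userMessages (
    messageID INTEGER PRIMARY KEY,
    body TEXT NOT NULL,
    deleted_flag INTEGER NOT NULL DEFAULT 0,
    deleted_by TEXT,
    deleted_timestamp TEXT
);
CREATE VIEW activeMessages AS
    SELECT messageID, body FROM userMessages WHERE deleted_flag = 0;
"""

def fresh_db():
    """Return an in-memory database holding five constructed messages."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO userMessages (messageID, body) VALUES (?, ?)",
        [(5, "a"), (7, "b"), (13, "c"), (21, "d"), (40015, "e")],
    )
    return conn

def parse_id_list(form_value):
    """Turn the form's '7,21' string into a list of ints.

    Each comma-separated element must be a plain decimal integer; anything
    else (an empty element, quotes, parentheses, keywords) is rejected
    before it can influence the SQL text.
    """
    ids = []
    for token in form_value.split(","):
        token = token.strip()
        if not re.fullmatch(r"\d+", token):
            raise ValueError(f"messageID element is not an integer: {token!r}")
        ids.append(int(token))
    return ids

def delete_messages_unsafe(conn, form_value):
    """The thread's original query: the raw form string is pasted into the SQL."""
    conn.execute(f"DELETE FROM userMessages WHERE messageID IN ({form_value})")
    conn.commit()

def delete_messages_safe(conn, form_value, user):
    """Hardened version: one bound parameter per id, and a soft delete."""
    ids = parse_id_list(form_value)
    placeholders = ",".join("?" * len(ids))  # "?,?" for two ids
    sql = (
        "UPDATE userMessages SET deleted_flag = 1, deleted_by = ?, "
        "deleted_timestamp = datetime('now') "
        f"WHERE messageID IN ({placeholders})"
    )
    conn.execute(sql, [user, *ids])  # values travel separately from the SQL
    conn.commit()
    return len(ids)

def active_ids(conn):
    """IDs the application sees through the view."""
    return [r[0] for r in conn.execute("SELECT messageID FROM activeMessages ORDER BY 1")]

def all_ids(conn):
    """IDs physically present in the table, flagged or not."""
    return [r[0] for r in conn.execute("SELECT messageID FROM userMessages ORDER BY 1")]
```

Calling delete_messages_safe(db, "7,21", "pk") on a fresh database hides 7 and 21 from activeMessages while keeping every row in userMessages, and any element that is not a bare integer raises ValueError before a query is built.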

Similar Messages

  • Preventing Sql Injection Attacks

    Please see my posting on "Sql Injection" in the Technologies\Security forum. I am interested in preventing sql injection attacks on our server. It was difficult to decide where to post it as it is a security issue but it may be a general server issue. Or is it???

    It would have been helpful if you had either repeated the text of your other post here, or else included a link Sql Injection.
    Tom Best posted a link to an interesting sounding paper in Injection Attack. I haven't had the chance to read it yet, but it is probably the best place to start (as no-one else posted to that thread).
    Cheers, APC

  • Can I use JMS for this?

    User logs into our administrative console, selects a job, clicks run.
    Behind the scenes, the run command actually creates a job and returns XML which provides a long list of commands that need to be executed in order for that "job" the user triggered to be complete. This XML contains everything from shell scripts that need to be triggered to PL/SQL functions and stored procedures that need to be called...and they're listed in this XML file in the order they need to be executed and the next process in the list can only be executed when the process before it is finished. This all needs to go on behind the scenes, uninhibiting the user's experience on the website...so that's why I thought I might be able to use JMS but it seems everything needs to be written in java for this to work, which is a problem being I need to trigger runtime processes on the Linux box to execute shell scripts, which are not written in java...how would those shell scripts communicate with the JMS?
    Anyone doing anything like this? Examples somewhere? It's kind of like a job management console...the jobs are pretty complex and can take up to 45 minutes or more to complete, which is why we need to come up with a way to run them from the app server, but in the background, asynchronously from the user's website utilization. This obviously, because of the time some of these take to complete, can't be a request/response architecture...
    Thoughts? Help? Anything greatly appreciated.
    Thanks!
    rlb

    poorni wrote:
    > Hello everyone,
    > I need to send an alert message from the client to a server(which is
    > remote). Can I use JMS for this?.
    Yes.
    > If so can anyone please suggest me
    > an open source JMS provider.
    WebLogic has JMS built-in.
    > Thank you,
    > poornima

  • Hi. I have an iPhone and a Mac,and my sister has iPad2 and iPhone also.we both use a pc to sync our devices and use one App ID in our devices.but we want to use personal iCloud to achieve our personal files.how can I use iCloud in this situation?

    You will need to set up a new Apple ID for your sister.  You have to have an Apple ID and iDevice connected and using that account to get an iCloud account.

  • Can I use the iPhone 5s case for the iPhone 5?

    Do cases made for iPhone 5 also work with iPhone 5s?
    While iPhone 5 and iPhone 5s have the same shape and size, the camera and LED flash are different. So cases made for iPhone 5 may affect the camera operation on iPhone 5s, and vice versa. When shopping for cases, you should choose one specifically made for the iPhone model you own.
    From Apple online Store

  • I have a new ipad which needs itunes 10.7 or later to download my music onto it... but my ipad is not compatible with this as it is too old... can i use itunes with this ipad and apple laptop?

    I have a new ipad which needs itunes 10.7 or later to download my music onto it... but my apple laptop is not compatible with this as it is too old... can i use itunes with this ipad and apple laptop?

    To use itunes 10.7 you need to have Snow Leopard operating system installed
    These are the system requirements
    System Requirements:
    Mac computer with an Intel processor
    1GB of memory
    5GB of available disk space
    DVD drive for installation
    Some features require a compatible internet service provider: fees may apply.
    If you can run Snow Leopard you need to purchase it
    http://store.apple.com/us/product/MC573/mac-os-x-106-snow-leopard

  • What silent switch can I use to make this uninstall? C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}"

    Your install log indicates you are facing file permission issues.  You can see an example here:
    DF037: Unable to delete directory "C:\Program Files\Common Files\Adobe\Keyfiles". Error 145 The directory is not empty.(Seq 1)
    [    1904] Fri Dec 28 07:00:31 2012  WARN
    DW063: Command ARKDeleteDirectoryCommand failed.(Seq 1)
    [    1904] Fri Dec 28 07:00:31 2012 ERROR
    DF037: Unable to delete directory "C:\Program Files (x86)\Common Files\Adobe\ssc\CreativeCloud-CS6-Win-GM". Error 145 The directory is not empty.(Seq 2)
    [    1904] Fri Dec 28 07:00:31 2012  WARN
    DW063: Command ARKDeleteDirectoryCommand failed.(Seq 2)
    [    1904] Fri Dec 28 07:00:31 2012 ERROR
    DF037: Unable to delete directory "C:\Program Files (x86)\Common Files\Adobe\ssc\CreativeCloud-CS6-Mac-GM". Error 145 The directory is not empty.(Seq 3)
    [    1904] Fri Dec 28 07:00:31 2012  WARN
    DW063: Command ARKDeleteDirectoryCommand failed.(Seq 3)
    [    1904] Fri Dec 28 07:00:31 2012 ERROR
    DF037: Unable to delete directory "C:\Program Files (x86)\Common Files\Adobe\ssc\AMT". Error 145 The directory is not empty.(Seq 4)
    You will want to adjust the file permissions for C:\Program Files\Common Files\Adobe and C:\Program Files(x86)\Common Files\Adobe.  You can find information on how to adjust the file permissions at Error "Exit 6" or "Exit 7" | Install log | Read, write, system file errors | CS5, CS5.5 - http://helpx.adobe.com/creative-suite/kb/error-exit-6-exit-7.html.  Please make sure you apply the permission change to all child objects.
    In general you can find information on how to review and interpret your installation log at Troubleshoot with install logs | CS5, CS5.5, CS6 - http://helpx.adobe.com/creative-suite/kb/troubleshoot-install-logs-cs5-cs5.html.

  • My location services appears to be locked. They are in light grey and will not let me turn them on and off. New app requiring GPS i can't use due to this. How can i reset or fix?

    Double check your restrictions for location services.
    Settings - General - Restrictions.

  • Preventing sql injection attack

    // Connection string with a hard-coded user ID and password, as posted.
    string objConn9 = "Provider = MSDAORA;User ID=103109798;Password=password;Data Source=orabis;";
    OleDbConnection myConnection9 = new OleDbConnection(objConn9);
    // :username and :password are bind variables: the text box values are
    // handed to the driver separately and never spliced into the SQL string.
    string commandString9 = "INSERT INTO users(username,password)VALUES(:username,:password)";
    OleDbCommand myCommand9 = new OleDbCommand(commandString9, myConnection9);
    myCommand9.Parameters.Add(":username", txtUsername.Text);
    myCommand9.Parameters.Add(":password", txtPassword.Text);
    myConnection9.Open();
    myCommand9.ExecuteNonQuery();
    myConnection9.Close();
    I'm using this code to try to remove the problem of
    users entering a comma or a semicolon and throwing off my query, but it's not working...
    Is there an easy way to insert text values into Oracle 8i
    that contain '; etc. without throwing it off? I'm developing through C# and Oracle 8i; the problem is most of the code examples are related to SQL Server and VB.NET.

    I may be off here, but in this case you appear to be okay. The code snippet you include looks to me like it is using bind variables. If you are using bind variables you are not susceptible to sql injection attacks.
    It is only when concatenating a string together to make a sql statement that injection attacks can occur.
    See
    http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:668624442763#18067076079313
    and search for injection.
    Or just go to
    http://asktom.oracle.com
    and search for "sql injection bind variable" for lots of other references.

  • SQL Developer can be used for database design

    can I use SQL Developer to design the database?

    It really depends on what you mean by "can," how complex the schema design is going to be, and your comfort level.
    AB is quite right to point out Oracle Designer-- that's a very powerful, very visual tool for creating physical and logical schema designs. It also has a relatively steep learning curve and a relatively large installation footprint. If you need to generate highly complex schema designs, to allow multiple modelers to work together, and you will use the tool frequently enough to justify the training time, Designer is a wonderful tool.
    On the other end of the spectrum, however, it's perfectly possible to generate a schema design using SQL*Plus or SQL Developer with a white board or scratch paper nearby to help think through various issues. The tools aren't presenting you with pretty ERDs, they're not automatically translating visual representations of designs to physical implementations, etc. but it's quite possible for a human using those tools to do the translation.
    Either way will work-- the constraints of your particular project and your comfort level with various risks will determine which approach is more appropriate.
    Justin

  • Can't Use Phone with SCR24 Case & DK48 Dock

    Seems odd to me that when you have the SCR24 case fitted to your Z3 you can't use it when docked.  You can charge the phone with the case on when it is closed but not when you fold it back. If you want to use it you have to remove it from the dock - crazy !

    One of the criticisms of the SCR24 Case was that it doesn't offer sufficient protection, particularly in a drop where the front cover can fly open.
    It seems the SCR26 addresses this important issue by incorporating a clip to prevent the front cover opening.  The SCR24 is no longer shown on the Sony web site as an accessory.
    A real bummer for those of us who spent good money on the SCR24.

  • HT1904 I just put two $50. iTunes and a $15. On my phone and can't use it! This is the second time ive had a problem with iTunes! This is ridiculous

    I bought two $50.00 iTunes cards and a $15.00 because the $100.00 wouldn't work. I still can't use my cards.

    You are right, but how could I send it to Apple? When the phone company first replaced my iPhone they had in stock a lot of iPhones and they just sent mine back to Apple and gave me a new one, so all I did was give them my phone, but now how could I send it to Apple? I can't send it by myself, and the store won't do that, it's a loss for them.. so sending it to Apple wasn't an option from the beginning.
    And for the record, I don't think the store where I bought it is an authorized shop.. it's just a store that buys phones from Apple at a low price and sells them for much more money..

  • Can I use DMU for this database?

    Hi everyone,
    I am snippeting a CSSCAN ( i know..) so that will reveal the amount of convertible data we have to tackle and wanted everyone's opinion if we can use DMU for this database.
    [Data Dictionary Conversion Summary]
    Datatype              Changeless   Convertible   Truncation    Lossy
    VARCHAR2               7,805,484           202            0        0
    CHAR                       1,573             0            0        0
    LONG                     220,073             0            0        0
    CLOB                      91,227        15,718            0        0
    VARRAY                    23,479             0            0        0
    Total                  8,141,836        15,920            0        0
    Total in percentage      99.805%        0.195%       0.000%   0.000%
    The data dictionary can not be safely migrated using the CSALTER script
    [Application Data Conversion Summary]
    Datatype              Changeless   Convertible   Truncation    Lossy
    VARCHAR2              68,382,337       350,836           39       84
    CHAR                     322,930             0            0        0
    LONG                           0             0            0        0
    CLOB                      32,522        13,257            0        0
    VARRAY                     1,552             0            0        0
    Total                 68,739,341       364,093           39       84
    Total in percentage      99.473%        0.527%       0.000%   0.000%
    I think it should be fine.
    Please let me know.
    thanks

    Hello,
    the amount of convertible data has no relation to whether you can use DMU or not.
    Of course, the less convertible data, the less time the conversion process itself will take, but that's about it.
    Regards,
    Gunther

  • Can't use safari w/this version of OSX?? OSX 10.5.1/Safari 3.04

    worked fine on my powerbook g4 before installing Leopard yesterday.
    now, with leopard, i get that message..."can't use the application safari w/this version of OSX" what's up??
    the same versions (10.5.1/3.04) work fine on my imac g5
    software update thinks all's fine and i can't find a downloadable version of Safari on the apple site except for windoze. jeeeze! come on guys, how about a little mac support??

    Hi
    Welcome to Apple Discussions
    Are you certain you are trying to open v 3.0.4? Make sure you don't have multiple Safari versions installed on your machine. Enter Safari.app in your spotlight panel. If multiples show up, move to the trash the 2.0.4 version.
    If necessary: Reinstalling Safari 3.0.4 - Insert the Leopard Installer DVD. Double Click on the "Optional Installs". Then double click on the Optional Installs.mpkg file. Once open the Installer will lead you through a few steps. After selecting your HD, the next panel is where you'll find Safari (in the Applications folder). Select it and continue.
    Once Safari is installed, "repair permissions" again via Disk Utility in your Utilities folder.

  • Can i use JMS in this scenario

    Hi all,
    I have a doubt. I just want to know whether I can use JMS in this situation.
    By the end of processing in our module, we will have a ServiceRequest. Now we
    have to pass that ServiceRequest related information to another module which
    is residing on another machine.
    So I was thinking of this:
    1) our module end point is a servlet.
    2) there I construct the xml string with all the info related to
    ServiceRequest.
    3) after that I create a text message and post it to a JMS queue on another
    server (module)
    4) Then there is an MDB which receives the request using the onMessage method
    and then the ServiceRequest related changes are made in the db.
    Is JMS an ideal solution in this scenario?
    I was also just thinking, JMS is for asynchronous communication.
    Now don't you think that I can achieve this kind of asynchronous communication
    by sending (posting using HttpURLConnection) the xml message from servlet1
    in server 1 to servlet 2 in the other module (server2) and have the jdbc code to
    save the data related to ServiceRequest in the servlet in the other
    module? That way also I achieve a kind of asynchronous communication (i.e. I am not
    getting any response back). Why should I use JMS then?
    So I just want to know is this the right scenario for going for JMS or are we
    just complicating things.
    Thanks in Advance
    Veena.

    JMS is ideal for asynchronous behaviour, why try to build your own
    asynchronous behaviour. If you want to have two processes just for async
    behavior, you have to take into account many other issues, like one process
    going down. How would you scale your application.
    Why can't your first servlet write directly to the database?
    -Vikas
    "Veena" wrote in message:
