__/ [ Dave Sexton ] on Friday 05 January 2007 10:45 \__
> "Robert Heller" <heller@xxxxxxxxxxxx> wrote in message
> news:9d918$459e2772$404a99a1$9365@xxxxxxxxxxxxxxxxxxxxxxxx
>> At 5 Jan 2007 01:12:22 -0800 sinbuzz@xxxxxxxxx wrote:
>>
>>>
>>> Hi,
>>>
>>> I'm curious about the best way to avoid SQL Injection attacks against
>>> my web server.
>>>
>>> Currently I'm on IIS.
>>>
>>> I might be willing to switch to something like Apache but I'm not sure
>>> if SQL Injection is
>>> is a generic enough of an attack to cause me worries once I make the
>>> switch.
>>
>> I believe the SQL Injection attacks are unique to IIS. Switching to
>> Apache would be a smart move.
>>
>>>
>>> Also, I'm looking for ways to prevent hackers from stealing adult
>>> content from my site.
>>
>> Apache + Linux.
>>
>>>
>>> ...Bob
>>> http://SinBuzz.com
>>> [ For those who live in Sin ]
>>>
>
> Hi Robert,
>
> IIS has nothing to do with SQL injection attacks, which can occur when your
> code constructs an SQL statement based on hard-coded SQL and user input.
> This can occur on any development platform, in any language and on any
> server.
>
> It's simply a matter of design.
In case it helps judgment, Microsoft-Watch switched from Windows/ISS to Red
Hat GNU/Linux/Apache last month. The only think going for Windows/IIS are
brochures.
Best wishes,
Roy
--
~~ Best wishes for the new year!
Roy S. Schestowitz | "Avoid missing ball for higher score"
http://Schestowitz.com | RHAT GNU/Linux ¦ PGP-Key: 0x74572E8E
11:00am up 78 days 21:14, 6 users, load average: 1.67, 1.40, 1.06
http://iuron.com - help build a non-profit search engine
|
|
