Sql Injection

Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Error

Sql Injection

Options

Previous Topic Next Topic

judy at Web2Market		#1 Posted : Wednesday, July 24, 2019 9:25:21 AM(UTC)
Rank: Advanced Member Groups: Developers Joined: 11/7/2018(UTC) Posts: 303 Thanks: 21 times Was thanked: 5 time(s) in 5 post(s)		Should AC9 have code in the global.asax to stop sql injection the way Gold does? I remember that if it wasn't there in Gold, site would fail a security scan. //TERMINATE SQL INJECTION ATTEMPTS int maxQueryLength = 500; string rawUrl = Request.RawUrl; int qIndex = rawUrl.IndexOf("?"); if (qIndex > -1) { string query = Request.RawUrl.Substring(qIndex).ToUpperInvariant(); if (query.Length > maxQueryLength \|\| query.Contains("DECLARE%20")) { //POTENTIAL ATTACK Response.Clear(); Response.Write("INVALID REQUEST"); Response.Flush(); Response.End(); } }


User Profile View All Posts by User View Thanks


	Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.

mazhar		#2 Posted : Wednesday, July 24, 2019 9:53:49 AM(UTC)
Rank: Administration Groups: Admin, Administrators, HelpDesk, System, Authorized User, Developers, Registered Joined: 10/5/2018(UTC) Posts: 175 Thanks: 8 times Was thanked: 17 time(s) in 15 post(s)		AC9 does have it, we moved this code to detect SQL injection into CommerceBuilder.


User Profile View All Posts by User View Thanks

Users browsing this topic
Guest (3)