Re: IIS 6 SQL Injection Sanitation ISAPI Wildcard at Codeplex
- From: David Wang <w3.4you@xxxxxxxxx>
- Date: Mon, 10 Dec 2007 13:24:23 -0800 (PST)
On Dec 9, 1:53 pm, Rodney Viana
<RodneyVi...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
IIS 6 SQL Injection Sanitation ISAPI Wildcard at http://www.codeplex.com/IIS6SQLInjection
I created an ISAPI dll application to prevent SQL Injection attempts by
intercepting the HTTP requests and sanitizing both GET and POST variables (or
any combination of both) before the request reaches the intended code. This
is especially useful for legacy applications not designed to deal with MS SQL
Server Injection attempts. Though this application was designed with MS SQL
Server in mind, it can be used with no or minimal changes with other database
engines.
This ISAPI is only compatible with Internet Information Server (IIS) 6.0,
which comes with Windows 2003. Windows XP uses the IIS 5 engine, which DOES NOT
support ISAPI Wildcard.
Cheers,
--
Rodney Viana, PMP
MCSE+I MCDBA MCST MOSS, SQL
Actually, IIS5's core request processing engine does support Wildcard
Application Mapping. It just does not support HSE_REQ_EXEC_URL which
is what allows one to "continue the request".
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang