Is this a security risk?
From: Shark Bait (SharkBait_at_discussions.microsoft.com)
Date: 04/27/05
- Next message: mikeram: "Re: SQL Server 2000 on Win 2003 and DTC"
- Previous message: Jens Süßmeyer: "Re: 2003 AD network security policy question"
- Next in thread: Mike Epprecht \(SQL MVP\): "Re: Is this a security risk?"
- Reply: Mike Epprecht \(SQL MVP\): "Re: Is this a security risk?"
- Reply: pdxJaxon: "Re: Is this a security risk?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 27 Apr 2005 05:28:02 -0700
I'm doing some testing on a vendor’s web site and ran into the error below. I
told the vendor that displaying this kind of error could give a hacker the
information needed to hack the db or attempt SQL injection attacks etc. (btw
this is a bank). The vendor is telling me that there is no danger in
releasing this information on the web site. I thold them they need to display
something else.
Assuming you or a hacker had this information, company information and the
URL where this error occurred; do you think these pose a security risk?
*** This is the error with the table database and field names changed ****
Insert statement conflicted with COLUMN CHECK constraint
'AColumnCheckConstraint'.
The conflict occurred in database 'ADatabaseName', table 'ATableName',
column 'PaymentAmount'..,
PaymentXML: 10056AWEBWEB01-4858538-14 ... WEBSERVERNAME ...
- Next message: mikeram: "Re: SQL Server 2000 on Win 2003 and DTC"
- Previous message: Jens Süßmeyer: "Re: 2003 AD network security policy question"
- Next in thread: Mike Epprecht \(SQL MVP\): "Re: Is this a security risk?"
- Reply: Mike Epprecht \(SQL MVP\): "Re: Is this a security risk?"
- Reply: pdxJaxon: "Re: Is this a security risk?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
