SourceTec Software

It is currently Thu Apr 24, 2014 10:29 am

All times are UTC + 8 hours




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Fri May 02, 2008 3:54 am 
Offline
Member
User avatar

Joined: Wed Sep 19, 2007 12:11 am
Posts: 10
Location: Chicago, IL
In your tutorial for ASP dynamic scroller you place the connection string within the code. This becomes a security issue with the scroller. The recordset needs to be created in the head of the page the scroller is placed in and the loop references the recordset to create the content. This is what I do for the DHTML and Tree Menus. The security issue comes from placing the user name and password to your database within the JS code to create the connection string. All a hacker would need is to view the source code on the page with the scroller. Then copy and past the URI in the address bar, (i.e. http://yoursite.com/scripts/shop_scroller.js) and now the hacker has the connection string to your database to do with what he/she wishes.


Top
 Profile  
 
 Post subject:
PostPosted: Fri May 02, 2008 4:53 am 
Offline
Guru

Joined: Wed Jan 31, 2007 4:21 am
Posts: 1116
well the samples have to be made for babies as alot of people who use this have never seen or heard of a database before or even done any websites before and are only learning how to turn a computer on.


Top
 Profile  
 
 Post subject:
PostPosted: Mon May 05, 2008 1:38 pm 
Offline
Support Team
Support Team
User avatar

Joined: Thu Aug 01, 2002 5:59 pm
Posts: 1808
JS file should be renamed into .asp file.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 8 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group