MikeWorks.NET - Web Done Right

News from MikeWorks.NET

Asp.NET to the Rescue!

August 07, 2008

Recently, MikeWorks.NET was called on to help CenterLink, the Community of LGBT Centers, with a little problem they had with hackers and SQL injection. Many sites have been hit with similar SQL injection problems.

The Situation
They had an old site that was originally programmed in classic ASP and built its database queries directly from "query strings" - those words and numbers that follow a "?" in a URL. Despite efforts to "clean and strip" input from the query strings, they were still hacked. It was time for ASP.NET and some hand coding to come to their rescue.

The Solution
MikeWorks.NET has completed a rebuild of their job listings application and is hard at work on their directory of community centers. Parameterized stored procedures and strongly typed custom classes that match the database tables are just two of the things we have used to help stop those nasties from gaining access.
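
The difference between the two approaches, as an added example that is not MikeWorks.NET's or CenterLink's code. Python with an in-memory SQLite database stands in for ASP.NET and SQL Server, a bound parameter stands in for a parameterized stored procedure, and the `jobs` table, `JobListing` class and input value are constructed for illustration.

```python
import sqlite3
from dataclasses import dataclass

# Constructed query-string value: no quotes or semicolons, so the filter below passes it.
CONSTRUCTED_INPUT = "1 OR published = 0"

@dataclass(frozen=True)
class JobListing:  # hypothetical typed class matching the jobs table
    id: int
    title: str
    published: bool

def make_db():
    """Constructed sample data: one published listing, one unpublished draft."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany("INSERT INTO jobs VALUES (?, ?, ?)",
                   [(1, "Program Director", 1), (2, "Unposted draft", 0)])
    return db

def clean_and_strip(value):
    """Blacklist filter of the "clean and strip" kind: deletes characters it knows are risky."""
    for bad in ("'", '"', ";", "--"):
        value = value.replace(bad, "")
    return value

def lookup_concatenated(db, raw_id):
    """Before: the filtered string is pasted into the SQL text and parsed as SQL."""
    sql = ("SELECT id, title, published FROM jobs WHERE published = 1 AND id = "
           + clean_and_strip(raw_id))
    return [JobListing(r[0], r[1], bool(r[2])) for r in db.execute(sql)]

def lookup_parameterized(db, raw_id):
    """After: convert to the column's type, then bind the value as a parameter."""
    try:
        job_id = int(raw_id)
    except ValueError:
        return []  # not an integer id: rejected before any SQL runs
    rows = db.execute(
        "SELECT id, title, published FROM jobs WHERE published = 1 AND id = ?", (job_id,))
    return [JobListing(r[0], r[1], bool(r[2])) for r in rows]

if __name__ == "__main__":
    db = make_db()
    print("concatenated: ", lookup_concatenated(db, CONSTRUCTED_INPUT))
    print("parameterized:", lookup_parameterized(db, CONSTRUCTED_INPUT))
```

The filter has nothing to remove in a numeric context, so the concatenated query returns the unpublished row as well; the typed, bound version never lets the value reach the SQL parser as text.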

While it is difficult for anyone to say with complete certainty that a website is hacker-proof, MikeWorks.NET ASP.NET sites have all withstood recent hacking attempts. We believe that CenterLink will too.

Are we taking a chance that by posting this we are making them a target once again? Perhaps. But now CenterLink has their defenses up. Do you?

Resources

A recent Microsoft knowledgebase article

Some quick coding fixes: http://forums.asp.net/t/1254125.aspx
