Click here to Skip to main content
15,884,353 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more: , +
Hi,

What are the characters we have to avoid in the password field to avoid hacking?
To prevent hacking through sql injection, I avoided ' and " in the password field. ie, if we enter ' and " in the password field, it will show an error message.

Please help me with any ideas.....
Thank you.....
Posted

Prevention from Hacking is a wide topic.

However to prevent you Application from "SQL Injection" either use Stored Procedures / Parametrized Queries.

For more information on have a look at below links.
http://msdn.microsoft.com/en-us/library/ff648339.aspx

http://msdn.microsoft.com/en-us/library/ff647397.aspx
 
Share this answer
 
v2
Comments
Neha Thanka 1-Nov-11 8:11am    
Thank you sir...........
RaisKazi 1-Nov-11 8:12am    
Welcome. :)
UJimbo 1-Nov-11 8:13am    
Pretty much. There are various applications or web sites that check your own web site for vulnerabilities and even make suggestions on how to improve them. Unfortunatelly, I cannot comment on their usefulness as I have never really tried one. I'm hoping people might know more about it. But it all depends on how far you are willing to go
RaisKazi 1-Nov-11 8:20am    
Yup Thank you, Hacking Prevention is pretty wide topic altogether.
"Denial-of-service attack" is another famous/infamous :) category on this Topic..

http://en.wikipedia.org/wiki/Denial-of-service_attack
Amir Mahfoozi 3-Nov-11 1:07am    
+5 ;)
Hi,

check this link you can see how to avoid sql injections

http://msdn.microsoft.com/en-us/library/ff648339.aspx

All the Best
 
Share this answer
 
Comments
Neha Thanka 1-Nov-11 8:13am    
Thank you .....
C#
Insert into ITCircular(title,type,url1,url2) values('" + txttitle.Text + "','" + txttype.Text + "','" + path + "','" + path1 + "')

It is unsafe method to write query as above.We should use parametrized query.

to avoid website hacking ,
you can use encryption/Decryption techniques.
 
Share this answer
 
SQL Injection attacking is not just for login situations. If you want to avoid that type of attack during authentication, then don't use SQL, use Windows authentication or other, more secure, forms of authentication.

You can avoid SQL Injections types of attacks by using stored procedures or parameterized queries. Never concatenate a SQL string and never use unvalidated input from users.

http://msdn.microsoft.com/en-us/library/ms161953.aspx[^]
 
Share this answer
 
Restricting characters in the input is absolutely the wrong way to go about avoiding SQL injection (and cross site scripting) attacks. Instead, you should use parameterised queries – in .Net there is very little excuse for not doing so as it's very easy.
 
Share this answer
 
Comments
Neha Thanka 1-Nov-11 8:39am    
Thank you sir....
I am using parameterised queries...
BobJanova 1-Nov-11 10:32am    
Then you don't need to worry about what characters are entered into text fields.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900