SQL Injection is a technique that exploits a security vulnerability at the database layer of an application. It is a special way of crafting or designing an input string such that the user gets control over the database.
For example, most database-related statements look similar to:
SELECT * FROM EMPLOYEE WHERE EMP_ID = ' + $emp_id + ' AND PASSWD = ' + $passwd + ';
Imagine that a user inputs a password string like
e' or 'e'='e
then the query would become
SELECT * FROM EMPLOYEE WHERE EMP_ID = ' + $emp_id + ' AND PASSWD = 'e' OR 'e'='e';
This would always evaluate to true and would grant the user access to all the data.
A malicious user can even write multiple query lines to, say, drop a table.
Two Steps to tackle this situation:
1. Limit Permissions:
The DB administrator should create different users depending on the kind of action performed, and each task should use credentials with the least privileges necessary to perform it. This could prevent most attacks but not all.
2. Clean the Input String:
The PHP team has already released a function, mysql_real_escape_string(), to tackle this situation. This function replaces (') with (\') and thus would not allow the attack.
So all you have to do is:
$passwd = mysql_real_escape_string($passwd);
Now the query would become:
SELECT * FROM EMPLOYEE WHERE EMP_ID = ' + $emp_id + ' AND PASSWD = 'e\' OR \'e\'=\'e';
Hope this helps!!!
Windows Vista basically replaces the popular hibernate feature with a new one called 'Sleep', which is a combination of both Hibernation and Stand-By. If you use a computer that is not always connected to power, like a laptop, you do need the hibernation feature. Or maybe your scenario doesn't need hibernation, so why waste the hard-disk space that hiber.sys takes on your system? In any case, you need a method to easily enable or disable the hibernation feature on your machine.
As usual, XpressZine would always give/suggest you the best and easiest option to do any task.
So open up your command prompt by typing 'cmd' in the 'Run' window. Once the 'Command Prompt' appears, type the command below for the task you want to achieve.
To Enable Hibernation:
Type 'powercfg -h on' (without quotes)
To Disable Hibernation:
Type 'powercfg -h off' (without quotes)
NOTE: You need to have administrator access to complete this function.
NOTE: A confirmation may not be given. If no error is displayed, the command executed successfully.
Filed Under (HowTo, Technology, Tips) by Rajan Zachariah on 22-12-2007
So you want to access an FTP server, but any software in the world that you use gives you a connection error. Sound familiar? Then read on…
If you are able to browse any FTP site but unable to connect using any third-party tools or software, then you are behind an ISA Firewall Server. For the most part, this would have been set up by the company you work in, the college network backbone or even some of the cybercafe chains.
ISA Server provides the two basic services of an enterprise firewall and a Web proxy/cache server. ISA Server’s firewall screens all packet-level, circuit-level, and application-level traffic. The Web cache stores and serves all regularly accessed Web content in order to reduce network traffic and provide faster access to frequently-accessed Web pages.
You may not be able to access FTP via any third-party software because you are behind the proxy server and DNS resolution no longer works the same way. For this you need to download and install the ISA Firewall Client from here.
The ISA Firewall Client helps translate the DNS resolution and other network messages to and from the third-party software.
PS: This is not a hack, but the normal procedure. Of late, many people have been confused about accessing FTP via a proxy server.