Security & DHTML Editors

FP2003 · Apr 23, 2005

I'm finishing up on a site and the owner has asked that users be allowed to
upload news articles into a form page.

The form page has a DHTML text editor on it that submits to the Access
database.

I was curious to know if it was possible for a user to upload malicious code
into the database this way.

The field being utilized is a memo field with a 30K character limit set on
it.

Using: FrontPage2003/Access & Win2K server

Thanks

FP2003 · Apr 23, 2005

Clarification: the owner has asked that users be allowed to upload news
articles into the database using a form page.

clintonG · Apr 24, 2005

Google: form cross site scripting
Google: form sql injection attack

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

FP2003 · Apr 25, 2005

WOW !

Great lesson...thanks

clintonG said:
Google: form cross site scripting
Google: form sql injection attack

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

insert memo feild into a memo field truncates at 255 characters -	4	Dec 3, 2009
Stop Fooling Database Entry Users	1	Jan 9, 2010
Setting rules for attaching files to an InfoPath form	0	Mar 11, 2010
Limitation in Number of Fields ...	8	Oct 10, 2008
Form behavior after security implemented	4	Aug 24, 2009
Developing ASP Pages For Display....	2	Jun 8, 2004
Access 2010 Disable Microsoft Access Security Notic	3	Aug 10, 2013
AUTOEXEX Macro - Check OS or Access Version BEFORE Enable MACRO Security	0	Jul 11, 2013

Security & DHTML Editors

FP2003

FP2003

clintonG

FP2003

Ask a Question

Similar Threads