Over the past 3 months, a new wave of ‘SQL injection’ attacks has reared its head, infecting over half a million websites. This type of hacking mostly targets the underlying database and aims to make as many modifications to it as possible. COMBELL has investigated this phenomenon and offers you some tips to prevent this type of abuse.
Until recently, this new trend was only spotted on ASP or ASP.NET websites. We have now established that ColdFusion websites are also targeted. Although the programming language used varies, a few constants remain:
- The cause is always code leakage
- The underlying database is always a Microsoft SQL Server database
These constants are undoubtedly not accidental; they lie at the basis of the injection: the lack of validation and security at the level of URL parameters makes it possible for hackers to inject their own SQL statements. To do this, they do not need any login credentials, because the script itself gives them access to the database.
The extent and the impact of the injection are related to the architecture of Microsoft SQL Server: the data dictionary that is included in the different database tables can be used to map all tables and fields. Via the table “dbo.sysobjects”, hackers get an overview of all the available tables; via “dbo.syscolumns”, they can learn which fields each table contains; and via “dbo.systypes”, they finally learn which fields can contain alphanumeric values. This combination allows hackers to replace the contents of all alphanumeric fields with their own text, without needing any concrete knowledge of your database structure.
Now that this plague has also hit the world of ColdFusion, it is important to reflect on what is referred to as “database sanitizing”, which comes down to “keeping the SQL statements clean”. In ColdFusion, this can easily be done with the “CFQUERYPARAM” tag. By using it, you can make sure that a query parameter does not contain any “forbidden” data. You can find more information on this subject in the following Adobe Livedocs article: http://livedocs.adobe.com/coldfusion/6.1/htmldocs/tags-b20.htm
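As an added illustration (not code from Combell or Adobe), the template below puts a query that concatenates a URL parameter into the SQL text next to the same query written with CFQUERYPARAM. The datasource name `shopDSN`, the `products` table and the URL parameters `id` and `sku` are assumptions made up for the example.

```cfml
<!--- Constructed example: datasource, table, column and parameter names are assumptions. --->

<!--- WEAK: the raw URL value becomes part of the SQL text itself.
      Anything placed after ?id= is parsed by SQL Server as SQL,
      with the rights of the datasource login. --->
<cfquery name="getProductUnsafe" datasource="shopDSN">
    SELECT id, title, description
    FROM products
    WHERE id = #url.id#
</cfquery>

<!--- HARDENED, numeric parameter:
      cfparam supplies a default and throws if the value is not numeric;
      cfqueryparam validates the value against cfsqltype and sends it as a
      bound parameter, so it is treated as data and never parsed as SQL. --->
<cfparam name="url.id" type="numeric" default="0">
<cfquery name="getProduct" datasource="shopDSN">
    SELECT id, title, description
    FROM products
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- HARDENED, text parameter:
      maxlength rejects over-long input before the query is sent. --->
<cfparam name="url.sku" type="string" default="">
<cfquery name="getProductBySku" datasource="shopDSN">
    SELECT id, title, description
    FROM products
    WHERE sku = <cfqueryparam value="#url.sku#" cfsqltype="cf_sql_varchar" maxlength="32">
</cfquery>
```

A value that fails the type or length check raises a ColdFusion error instead of reaching the database, so wrap the query in your normal error handling and return a generic error page.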