judy at Web2Market  
#1 Posted : Wednesday, July 24, 2019 9:25:21 AM(UTC)
Should AC9 have code in the global.asax to stop SQL injection the way Gold does? I remember that if it wasn't there in Gold, the site would fail a security scan.

    //TERMINATE SQL INJECTION ATTEMPTS
    int maxQueryLength = 500;
    string rawUrl = Request.RawUrl;
    int qIndex = rawUrl.IndexOf("?");
    if (qIndex > -1)
    {
        string query = Request.RawUrl.Substring(qIndex).ToUpperInvariant();
        if (query.Length > maxQueryLength || query.Contains("DECLARE%20"))
        {
            //POTENTIAL ATTACK
            Response.Clear();
            Response.Write("INVALID REQUEST");
            Response.Flush();
            Response.End();
        }
    }

mazhar  
#2 Posted : Wednesday, July 24, 2019 9:53:49 AM(UTC)
AC9 does have it; we moved this code to detect SQL injection into CommerceBuilder.
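
A unit-testable variant of the check from the first post, added here as an example; it is not AbleCommerce or CommerceBuilder code, and `QueryStringGuard`, `IsSuspicious` and the sample URLs are hypothetical. It decodes the query string before matching, which goes beyond the posted snippet, and it supplements parameterized queries rather than replacing them.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added example: hypothetical helper, not AbleCommerce or CommerceBuilder code.
public static class QueryStringGuard
{
    public const int MaxQueryLength = 500; // same limit as the posted snippet

    // DECLARE as a whole word followed by whitespace, in any letter case.
    private static readonly Regex DeclareKeyword =
        new Regex(@"\bDECLARE\s", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    // Returns true when the request should be rejected.
    public static bool IsSuspicious(string rawUrl)
    {
        if (string.IsNullOrEmpty(rawUrl)) return false;
        int qIndex = rawUrl.IndexOf('?');
        if (qIndex < 0) return false;

        // Like the posted snippet, the length includes the leading '?'.
        string query = rawUrl.Substring(qIndex);
        if (query.Length > MaxQueryLength) return true;

        // Decode once so "%20", "+" and a literal space are compared alike.
        string decoded = WebUtility.UrlDecode(query);
        return DeclareKeyword.IsMatch(decoded);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample URLs, not taken from any real log.
        string[] samples =
        {
            "/Product.aspx?ProductId=12",                 // allow
            "/Search.aspx?q=declare%20@t",                // REJECT: keyword + space
            "/Search.aspx?q=declared+items",              // allow: not the whole word
            "/Search.aspx?q=" + new string('a', 600),     // REJECT: over the length limit
        };
        foreach (string url in samples)
        {
            string shown = url.Length > 40 ? url.Substring(0, 40) + "..." : url;
            Console.WriteLine("{0,-45} {1}", shown, QueryStringGuard.IsSuspicious(url) ? "REJECT" : "allow");
        }
    }
}
```

In global.asax the method would be called with `Request.RawUrl`, as in the posted snippet.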