I have a program that I am testing to make sure that it's fairly strong and the person who wrote the program tried to disable the keyboard, except for the numbers, so that an SSN could be entered. However, if I go to a text file and write out some code, it's possible to cut and paste it into the field.
It gives me an error like:
ERROR [42000][Sybase][ODBC Driver]Syntax error or access violation
My question is, does this error show that an SQL injection might be possible in this type of program and if so, how could it be strengthened against one?
Also, this program will create an account in a database when you enter the information in the fields...if it is possible to cut and paste malicious code into the field, is it possible for someone to have the accounts that are already in the database come up in front of them to view?
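An added example, not part of the original post or the program it describes: a driver syntax error like the one quoted above is what results when pasted text is concatenated into the SQL statement, and the two usual defenses are validating the value itself (not the keystrokes) and binding it as a parameter. In-memory SQLite stands in for the Sybase ODBC connection here, and the `accounts` table, its columns and the function names are hypothetical.

```python
import re
import sqlite3

SSN_RE = re.compile(r"[0-9]{9}")  # assumption: the field holds exactly nine ASCII digits

def open_db():
    # In-memory SQLite stands in for the Sybase database; the schema is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (ssn TEXT PRIMARY KEY, name TEXT)")
    return db

def create_account_concat(db, ssn, name):
    # Weak form: the pasted text becomes part of the SQL statement itself.
    db.execute("INSERT INTO accounts (ssn, name) VALUES ('" + ssn + "', '" + name + "')")

def create_account_safe(db, ssn, name):
    # 1. Validate the value; filtering keystrokes does not cover paste.
    if not SSN_RE.fullmatch(ssn):
        raise ValueError("SSN must be exactly nine digits")
    # 2. Bind values as parameters so they are never parsed as SQL.
    db.execute("INSERT INTO accounts (ssn, name) VALUES (?, ?)", (ssn, name))

def demo():
    db = open_db()
    pasted = "12345'6789"  # constructed sample: pasted value containing a quote
    results = {}
    try:
        create_account_concat(db, pasted, "Test User")
        results["concat"] = "inserted"
    except sqlite3.OperationalError:
        results["concat"] = "syntax error"  # same class of failure as the ODBC error
    try:
        create_account_safe(db, pasted, "Test User")
        results["safe_bad"] = "inserted"
    except ValueError:
        results["safe_bad"] = "rejected"
    # A quote inside a bound parameter is stored as plain data.
    create_account_safe(db, "123456789", "O'Brien")
    results["rows"] = db.execute("SELECT ssn, name FROM accounts").fetchall()
    return results

if __name__ == "__main__":
    print(demo())
```

With an ODBC driver the same parameter binding is done through the driver's own placeholder syntax, and the validation belongs wherever the value is received, not only in the input control.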