Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Community › Forums Register  |  

telerik -- supercharge your DNN websites
  Need Help?  
Professional technical support for DotNetNuke is available from DotNetNuke Corporation.
 


  Ads  
r2i.ntegrated
 


  Sponsors  

Meet Our Sponsors

Salaro -- Skins and more
OnyakTech
The best choice for your web site host, email hosting, and domain registration.
CrystalTech Web Hosting™
Webhost4life, specialists in DNN hosting
Mad Development is a full service interactive agency focusing on the merge of design, technology, e-commerce, and affiliate marketing by providing total website solutions.
 


DotNetNuke Forums
 
  Forum  DotNetNuke® Pro...  FCKeditor Provi...  Does FCKeditor have a BadWords.txt file?
Previous Previous
 
Next Next
New Post 4/27/2008 7:56 AM
User is offline Mitch Sellers
5575 posts
www.mitchelsellers.com
3rd Ranked




Re: Does FCKeditor have a BadWords.txt file? 

I'll chime in here and agree with all the above. 

The risk of actual SQL Injection is quite limited, especially if developers are using proper SQL procedures (Using stored procedures with parameters).  The biggest risk is with the injection of other items, such as script tags as mentioned above.

Even this is a limited issue though as there are times where you MUST allow people to insert this type of code.  For example I use an instance of the Text/HTML module to insert my Google Analytics tracking code, which is an SQL Script.  I think the biggest thing is knowing the open holes in any modules you are using, and keeping the footprint for user input to a limited base to ensure that you are not allowing unauthenticated or non admin users to insert items unfiltered.

-Mitchel Sellers
MCITP, MCPD, MCTS
CEO/Director of Development - IowaComputerGurus Inc.
LinkedIn Profile

Visit mitchelsellers.com for my mostly DNN Blog and support forum.

Visit IowaComputerGurus.com for free DNN Modules, DNN Consulting Quotes, and DNN Technical Support Services

I reccomend 3Essentials for shared hosting and BaseCamp for project management
 
 Page 2 of 2Previous12 
Previous Previous
 
Next Next
  Forum  DotNetNuke® Pro...  FCKeditor Provi...  Does FCKeditor have a BadWords.txt file?
 


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
 


WDK Solutions
Quality modules for the DotNetNuke community. Check out our 'wild' modules!
wdkns.com 		UK - DotNetNuke providers
UK providers of DNN module development and skin package design. Oxford Information Labs provides cost-effective solutions for businesses and organisations specialising in Skin design and bespoke module development.
www.oxil.co.uk 		TronixSoft
Hosting for local businesses that want more from their websites.
www.TronixSoft.com

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP