DotNetNuke Forums
 
New Post 4/27/2008 7:56 AM
Mitch Sellers

Re: Does FCKeditor have a BadWords.txt file? 

I'll chime in here and agree with all the above. 

The risk of actual SQL Injection is quite limited, especially if developers are using proper SQL procedures (using stored procedures with parameters). The biggest risk is with the injection of other items, such as script tags as mentioned above.

Even this is a limited issue, though, as there are times where you MUST allow people to insert this type of code. For example, I use an instance of the Text/HTML module to insert my Google Analytics tracking code, which is an SQL Script. I think the biggest thing is knowing the open holes in any modules you are using, and keeping the footprint for user input to a limited base to ensure that you are not allowing unauthenticated or non-admin users to insert items unfiltered.


-Mitchel Sellers
MCITP, MCPD, MCTS
CEO/Director of Development - IowaComputerGurus Inc.
LinkedIn Profile

Visit mitchelsellers.com for my mostly DNN Blog and support forum.

Visit IowaComputerGurus.com for free DNN Modules, DNN Consulting Quotes, and DNN Technical Support Services

I recommend 3Essentials for shared hosting and BaseCamp for project management
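
An added illustration of the two points in the post above; it is not part of the original thread and is not DotNetNuke or FCKeditor code. It uses Python's `sqlite3` bound parameters as a stand-in for stored procedures with parameters, and the table layout, role names and sample input are assumptions constructed for the example.

```python
import html
import sqlite3

# Constructed sample input: one comment carrying both a SQL-injection
# attempt and a script tag.
HOSTILE = "'); DROP TABLE posts; -- <script>alert(1)</script>"

TRUSTED_ROLES = {"Administrators"}  # assumed role name for this sketch


def open_store():
    """In-memory table standing in for a module's content table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, role TEXT, body TEXT)")
    return db


def save_post(db, role, body):
    """Bound parameters keep the body as data; it is never parsed as SQL."""
    cur = db.execute("INSERT INTO posts (role, body) VALUES (?, ?)", (role, body))
    db.commit()
    return cur.lastrowid


def render_post(db, post_id):
    """Emit raw markup only for trusted roles; HTML-encode everything else."""
    role, body = db.execute(
        "SELECT role, body FROM posts WHERE id = ?", (post_id,)
    ).fetchone()
    if role in TRUSTED_ROLES:
        return body            # e.g. an admin pasting a tracking snippet
    return html.escape(body)   # script tags become inert text


if __name__ == "__main__":
    db = open_store()
    anon = save_post(db, "Unauthenticated Users", HOSTILE)
    admin = save_post(db, "Administrators", "<script>/* tracking code */</script>")
    print(db.execute("SELECT COUNT(*) FROM posts").fetchone()[0])  # table intact
    print(render_post(db, anon))   # encoded
    print(render_post(db, admin))  # raw, by design
```

No word list is involved in either step: the parameterized insert stores the hostile string verbatim without executing it, and the script tag is neutralized at output for any author outside the trusted role.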
 