Quote:
Originally Posted by ProfNerwosol
Vulnerable to code injections in what way?
The original script takes whatever the user enters as the "userid" and "pass" and inserts them directly into the queries, no questions asked.
There's actually a large number of problems with the original script, SQL injection being the most severe by far.
Another problem is how the last ID is obtained:
Code:
SELECT Max(UserUID) AS max FROM PS_UserData.dbo.Users_Master
This method leaves it open for a race condition in which two users could get the same max UserUID. This is because the script doesn't know of the existence of any other running instances of itself asking the database for the same thing.
Something like this should be used instead:
Code:
SELECT IDENT_CURRENT('Users_Master')
There are a lot of problems with the database as well: missing primary keys, incorrect identity columns, and missing unique constraints to name a few.
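The two problems described in the post above, as an added example that is not part of the original post or the script it discusses: a MAX()-based ID handed out twice to interleaved instances, and input pasted into the SQL text versus bound as a parameter. Assumptions: in-memory SQLite stands in for the SQL Server database, and the table names `legacy`/`fixed`, the columns `UserID`/`Pw` and all function names are hypothetical; only `UserUID` comes from the post.

```python
import sqlite3

def make_db():
    # Constructed stand-in schema; SQLite in memory, not the SQL Server database.
    db = sqlite3.connect(":memory:")
    # "legacy": no primary key or unique constraint, as the post describes.
    db.execute("CREATE TABLE legacy (UserUID INTEGER, UserID TEXT, Pw TEXT)")
    # "fixed": the database assigns UserUID and rejects duplicate names.
    db.execute("CREATE TABLE fixed (UserUID INTEGER PRIMARY KEY AUTOINCREMENT,"
               " UserID TEXT NOT NULL UNIQUE, Pw TEXT NOT NULL)")
    return db

def register_legacy_interleaved(db, names):
    """Simulate concurrent script instances: all read MAX() before any inserts."""
    uids = []
    for _ in names:
        (top,) = db.execute("SELECT MAX(UserUID) FROM legacy").fetchone()
        uids.append((top or 0) + 1)
    for uid, name in zip(uids, names):
        db.execute("INSERT INTO legacy VALUES (?, ?, ?)", (uid, name, "hash"))
    return uids

def register_concat(db, userid, pw_hash):
    """Original pattern: input pasted into the SQL text, so it can alter the statement."""
    sql = "INSERT INTO fixed (UserID, Pw) VALUES ('%s', '%s')" % (userid, pw_hash)
    return db.execute(sql).lastrowid

def register_bound(db, userid, pw_hash):
    """Bound parameters keep input as data; returns new UserUID, or None if taken."""
    try:
        cur = db.execute("INSERT INTO fixed (UserID, Pw) VALUES (?, ?)",
                         (userid, pw_hash))
    except sqlite3.IntegrityError:
        return None  # unique constraint caught the duplicate name
    return cur.lastrowid

if __name__ == "__main__":
    db = make_db()
    print("legacy UserUIDs:", register_legacy_interleaved(db, ["alice", "bob"]))
    print("bound insert UserUID:", register_bound(db, "O'Brien", "hash"))
    try:
        register_concat(db, "O'Neil", "hash")
    except sqlite3.OperationalError as exc:
        print("concatenated query broke:", exc)
```

A single apostrophe in a name is enough to change the concatenated statement's structure, while the bound version stores it verbatim.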