Filtering Query String

Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > Filtering Query String

Last Thread Next Thread Next

Filtering Query String

West, I

06-29-06 08:25 AM

Hi,

I have a client site who runs IIS5 as his web server with Filemaker 6 as
there backend database.

There is a major security flaw with the Filemaker web publishing engine and
with a simple url string (e.g. fmpro?-format=-dso_xml&-dbnames) you can then
view all the published databases, then you can drill down and view and
execute the scripts in the database and you can view all the data stored in
the database.

What I would like to do is filter the query string, so each time dso_xml is
found in the URL I would like to redirect to a 404 page.  I have looked at
URLScan but I can't seem to get it to filter my url strings.

Can anyone give me any suggestions?

TIA

PS. Upgrading to Filemaker 8 is a major project and will take months to
complete as the whole database system has been rebuilt and switching
database products will not happen.

[ Post a follow-up to this message ]

Most Popular forums

Apache Server	MySQL for Windows	Sendmail
Red Hat Networking	SuSe Linux	Debian Linux
FreeBSD administration	Sun Solaris administration	Unix Shell programming
WebSphere Portal Server	Exchange 2000 administration	PostgreSQL administration
Linux Security	Computer Security	Firewalls

Forum Jump:

Forum Rules:

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF

Medical and Health forum | Computer Games Reviews | Graphics design forum

Automated OffSite Backup	Shopping Cart Software
Data Recovery	tattoos
RAM Memory Upgrades	Moving Companies

Syndicate this forum via XML or simple JavaScript feed

Home | Usercp | Faq | Register