|
Posted by Erland Sommarskog on 02/25/06 00:51
Kevin Audleman (audleman@quasika.net) writes:
> I am using a hosted MSSQL 2000 database that powers the backend of my
> website. Website visitors interact with it via ASP pages I have
> developed. I also have an internal FileMaker 7 database that
> periodically synchs with it via Filemaker's ODBC functionality.
>
> Several times now, I have come in one day to discover that my ASP pages
> don't work. When I look into it, one of my MSSQL tables will be missing
> a few fields. There is nothing in any of my code that sends an ALTER
> TABLE command or any other command that affects table structure. These
> deletions of fields is totally random.
>
> The most recent example was with a table called FreeTeacherSubs. I just
> discovered today that three fields went missing:
>
> HowDidYouHearAboutYES TEXT
> FollowUpCallOrEmail TEXT
> HowMaterialsFit TEXT
>
> Suffice to say I am baffled! Has anyone ever experienced fields
> disappearing from their tables?
One possbility is that the hosting company for some reason restored a
backup. In this case, the columns would be the most recently added.
Jennifer suggested SQL injection, and indeed, if you build your SQL
statements entirely dynamically, and don't parameterise them, your
site could be open to SQL injection. In this case an attacker drops
columns, because, well, he feels like it.
That Filemaker thing you mentioned, what synchs with what. Does your
database sync with Filemaker? In such case, if it synchs the schema
could that have effects?
--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
[Back to original message]
|