I've been asked to test our sites security and one of the tests is to check whether Umbraco has any built in protection to guard against a user encoding a connection to the database in the content area and then viewing the page thereby executing the script? Obviously they'd need to know the databases username and password first.
Does anybody know if Umbraco has any in built protection against this?
Scripting tags entered directly in the CMS
Hi,
I've been asked to test our sites security and one of the tests is to check whether Umbraco has any built in protection to guard against a user encoding a connection to the database in the content area and then viewing the page thereby executing the script? Obviously they'd need to know the databases username and password first.
Does anybody know if Umbraco has any in built protection against this?
Thanks,
Craig
is working on a reply...