Hi all,

I've run into a small wall with the site i'm currently testing on the security front
the site makes use of activex and msadc/rds heavily and im not 100% of how msadc/rds works with the backend DB.

one thing i have noticed is that upon the userlogon page, the POST function sends back , what seems to be unicode, thus encoding the username/password in the process.
if i wanted to test all aspects of the asp pages with regards to forcing errors on behalf of the calls they make to the DB, does anyone have any tips with doing that

it seems that there is a distinct lack of info out there on activex security, so any pointers would be greatly appreciated