FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Lilupophilupop
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Lilupophilupop [message #176442 is a reply to message #176440] Sat, 07 January 2012 13:28 Go to previous messageGo to previous message
Gregor Kofler is currently offline  Gregor Kofler
Messages: 69
Registered: September 2010
Karma:
Member
Am 2012-01-07 13:15, M. Strobel meinte:
> Hi,
>
> there is currently a strong SQL injection attack going on, I find
> https://isc.sans.edu/diary.html?storyid=12127 very instructive.
>
> A page down it says "In this instance the PAGEID=189 parameter on
> page xxxxxxxx.asp is vulnerable".
>
> Now this should not happen. If you expect an integer, use your
> integer-read function!

And? This should be common practice for any web application developer.
Nothing new here.

> But it happens all the time. If you use tools/4GLs/CMSses you
> have to trust them, of course.

How can I "trust" (or "mistrust") 4GLs? And no - I don't have to and
don't trust stock CMS' when it comes to security issues. Particularly
with their plethora of plugins.

Gregor


--
http://vxweb.net
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Running function in the background?
Next Topic: Magic quotes? Should I still be cautious?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 18:25:55 GMT 2024

Total time taken to generate the page: 0.07672 seconds