Re: Lilupophilupop [message #176441 is a reply to message #176440] Sat, 07 January 2012 13:15
Jerry Stuckle
On 1/7/2012 7:15 AM, M. Strobel wrote:
> Hi,
>
> there is currently a strong SQL injection attack going on, I find
> https://isc.sans.edu/diary.html?storyid=12127 very instructive.
>
> A page down it says "In this instance the PAGEID=189 parameter on
> page xxxxxxxx.asp is vulnerable".
>
> Now this should not happen. If you expect an integer, use your
> integer-read function!
>
> But it happens all the time. If you use tools/4GLs/CMSses you
> have to trust them, of course.
>
> /Str

Validating all input from the user is just good programming practice.
Nothing new here - it just shows there are a lot of programmers out
there unconcerned with security.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
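
Added example, not part of the original posts: one way to write the "integer-read function" mentioned in the thread for a page-id parameter in PHP. The helper name `read_int_param`, the `pages` table and the sample inputs are assumptions constructed for illustration. It goes one step beyond the thread by also binding the validated value as a typed parameter in the query.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example): return the named request parameter as
 * a positive integer, or null when it is missing or not a plain decimal integer.
 */
function read_int_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;                 // missing, or an array such as PAGEID[]=1
    }
    $value = filter_var(
        $query[$name],
        FILTER_VALIDATE_INT,         // whole string must be an integer; no hex or exponents
        ['options' => ['min_range' => 1]]
    );
    return $value === false ? null : $value;
}

// Constructed sample inputs: only the first one is a valid page id.
$samples = ['189', '189 OR 1=1', '189;', '0x1A', '1e3', '-5', ''];
foreach ($samples as $raw) {
    $id = read_int_param(['PAGEID' => $raw], 'PAGEID');
    printf("%-14s => %s\n", var_export($raw, true),
           $id === null ? 'rejected' : "accepted as $id");
}

// Second layer: bind the validated integer instead of concatenating it
// into the SQL text. In-memory SQLite table constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages VALUES (189, 'Sample page')");

$id = read_int_param(['PAGEID' => '189'], 'PAGEID');
if ($id === null) {
    http_response_code(400);         // reject instead of guessing a value
    exit("Invalid PAGEID\n");
}
$stmt = $db->prepare('SELECT title FROM pages WHERE id = :id');
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();
echo $stmt->fetchColumn(), "\n";
```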