Oh yeah. Guess I had a mental lapse there. If you are using, say, a
script downloaded from freshmeat.net and it happens to be poorly secured
then obviously the entire free world is going to know how to exploit your
copy of it... duh
Actually that's exactly what I had in mind.
2. Please enter your age: 25; drop database mysql
Does this actually work?
[...]
So I decided I had to test this: I wrote the code exactly as in the
example; I provided the exact dangerous input (well, to be honest, I
tried a select instead of drop mysql). When I tried it, the presumably
At 06:03 PM 12/20/2001 -0800, Philip Hallstrom wrote:
I've done something similar in the past just for kicks, and I got the same
result you did (i.e. an error). I believe this is because mysql_query()
expects ONE query at a time and will break if you send two or more. I
could be
Philip Hallstrom wrote:
A definite possibility, but it does depend on the hacker in question
knowing exactly how your script is written...
True, but in a shared hosting environment this is very likely.
...not to mention open source code. However, the discussion was indeed oriented
towards
how does one prevent a hacker deleting tables or what not?
This is a topic I do not know enough about, thanks for opening my eyes to
this matter
joel
Well, the official point is rather obvious from my original e-mail. What I
personally do is either forget about it -- again, see the original e-mail --
or, if for some reason high security is needed, I simply add 0 (zero) to
numeral input fields and addslashes to strings.
Bogdan
At 04:26 AM 12/21/2001 +0200, Bogdan Stancescu wrote:
Philip Hallstrom wrote:
A definite possibility, but it does depend on the hacker in question
knowing exactly how your script is written...
True, but in a shared hosting environment this is very likely.
...not to mention open source
True, but in a shared hosting environment this is very likely.
...not to mention open source code.
Oh yeah. Guess I had a mental lapse there. If you are using, say, a
script downloaded from freshmeat.net and it happens to be poorly secured
then obviously the entire free world is going
At 04:51 AM 12/21/2001 +0200, Bogdan Stancescu wrote:
True, but in a shared hosting environment this is very likely.
...not to mention open source code.
Oh yeah. Guess I had a mental lapse there. If you are using, say, a
script downloaded from freshmeat.net and it happens to be
Subject: Re: [PHP] Re: Mommy, is it true that...?
At 04:51 AM 12/21/2001 +0200, Bogdan Stancescu wrote:
True, but in a shared hosting environment this is very likely.
...not to mention open source code.
Oh yeah. Guess I had a mental lapse there. If you are using, say, a
script
Freshmeat.net is a very popular database of Linux software and includes a
wide variety of PHP scripts. My point was that if you downloaded an
insecure script from such a popular site then you are asking for trouble
because chances are thousands of would-be hackers have ALSO downloaded the
At 11:28 PM 12/20/2001 -0500, Billy Harvey wrote:
Freshmeat.net is a very popular database of Linux software and includes a
wide variety of PHP scripts. My point was that if you downloaded an
insecure script from such a popular site then you are asking for trouble
because chances are
...
-Original Message-
From: Michael Sims [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 3:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: Mommy, is it true that...?
At 11:28 PM 12/20/2001 -0500, Billy Harvey wrote:
Freshmeat.net is a very popular database of Linux software and includes