Curtis Poe wrote:
> 
> There are other reasons, too.  Just today, I was asked to break a version of a
> Web site we were about to publicly release.  It took me 5 minutes to find a
> security hole and demonstrate that I could execute any arbitrary SQL against
> our database by passing it through the URL (it's easier than one might think
> for many sites).  Fortunately, that stopped this code from moving out, but the
> programmer who wrote the code explained that hackers would first have to know
> the names of the tables they were affecting and thus, things were secure.

That sounds more like an excuse than an explanation.
