On Mon, Mar 03, 2008 at 09:06:43AM +0200, Dotan Cohen wrote:
> On 03/03/2008, Andrew Sackville-West <[EMAIL PROTECTED]> wrote:
> 
> >  sql injections are 'data' trying to be executable, aren't they? I know
> >  that generally folks aren't trying to "open" sql "attachements"
> >  (whatever the hell that might mean) from mutt...
> 
> No, SQL injection is 'data' trying to run unauthorized queries on the 
> database:
> http://what-is-what.com/what_is/sql_injection.html

for some definition of executable. It's data doing something besides
just sitting there being data, but it's a semantic point. I think
we're in agreement that lack of root access only an impediment, not a
preventative.

A

Attachment: signature.asc
Description: Digital signature

Reply via email to