Re: [ITCENTER] Mohon Tips Pengamanan Website dari SQL Injection

Wed, 05 Sep 2007 23:01:41 -0700 

yup...a very predictable reply.

just keep living in your fake dream but watch out.
reality does bite!


On 9/6/07, Muhadly Acho <[EMAIL PROTECTED]> wrote:
>
> > LMFAO...seperti yg saya duga.
> ===============================
> Yes, I'm laughing your FA now.. :D
>
>
> > hehe...saya perlu belajar ilmu yg ditunjukin di atas yaitu: ilmu ngeles.
> > sudah jelas di post anda sebelumnya anda menyarankan filter sql keywords
> spt
> > drop, truncate, dll.
> > anda juga mengatakan query filter (padahal filter juga salah, yg benar
> itu
> > escaping characters)
> > bisa di ganti dengan db privilege utk masalah ini.
> ========================================================
> Lihat post saya sebelumnya, dibagian script yg saya kasih:
>
> $arrstring = array ("insert", "select", "update", "delete",
> "truncate","replace", "drop", " or ", ";", "#", "--", "=" );
>
>
> Disini saya ngga cuma menyaring sql command, tapi juga character2 spt
> [--] dan [;]
> Sekarang, siapa yang ngeles? anda sendiri men-judge saya ngga faham
> betul sejauh mana peran db privillages dalam mengatasi SQL injection,
> lalu saya tanya anda, apa yg bisa dilakukan SQL injection jika
> privillagesnya di batasi? Anda ngga jawab, malah berseru kalau saya
> tukang ngeles..
>
> satu lagi, bagian mana yg saya bilang "QUERY FILTER" ?? saya ngga
> pernah bilang Query Filter, saya bilang String Filter... Look
> Einstein, baca dulu yg bener.
>
> well, ini namanya diskusi bung. Bukan masalah ngeles atau menang atau
> kalah. Anda harus tau itu.
>
>
> --
> www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia
> Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED]
>
>
> Yahoo! Groups Links
>
>
>
>


[Non-text portions of this message have been removed]



-- 
www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia 
Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] 

 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/ITCENTER/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/ITCENTER/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:[EMAIL PROTECTED] 
    mailto:[EMAIL PROTECTED]

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Kirim email ke