SQL Injection is basically circumventing a laid-out process with a perfectly valid 'alternative' route that the information will take to be submitted to the online database. This is not necessarily a bug but rather a 'diversion' or a trick. I got exposed to this kind of trick when I was experimenting with MU Online private servers before.

This can be circumvented by properly implementing your scripting when dealing with SQL. Properly asserting the code and checking the inputted data before submitting to the server will be able to prevent this type of attack. But then again a lot of webdevs and coders seldom implement rigorous input checking before passing the data off to servers.

My 1 cent.

On 11/2/06, Earl Lapus <[EMAIL PROTECTED]> wrote:
kinda old but still a lot of people forget these things...
http://www.joelonsoftware.com/items/2006/11/01.html

--
There are seven words in this sentence.
_________________________________________________
Kagay-Anon Linux Users' Group (KLUG) Mailing List
[email protected] (http://cdo.linux.org.ph)
Searchable Archives: http://archives.free.net.ph



--
"A dog that has no bite, barks loudest."
0x68 0x61 0x72 0x64 0x77 0x79 0x72 0x64
68 74 74 70 3A 2F 2F 62 61 75 64 69 7A 6D 2E 62 6C 6F 67 73 6F 6D 65 2E 63 6F 6D
68 74 74 70 3a 2f 2f 77 77 77 2e 68 61 72 64 77 79 72 64 2e 6e 65 74 2e 74 63
Registered Linux User #400165
'nuff said...