On Tue, Dec 13, 2005 at 06:33:47AM +0000, Duncan Hill wrote:
> The methods to defeat this, to the best of my knowledge, include limiting the 
> privileges of the web script user (or any user) to only do what they need to 
> do.  So if the script only needs to select data, don't give it any rights 
I believe using bind variables whenever possible also helps
prevent this attack.

-Jason Martin
-- 
S met ing's hap ening t my k ybo rd . .
This message is PGP/MIME signed.
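
The two defences mentioned in this thread, side by side, as an added example that is not part of the original messages. It assumes the attack under discussion is SQL injection; Python's sqlite3 stands in for whatever database the web script uses, a read-only connection stands in for a SELECT-only grant, and the table, names and crafted input are constructed sample data.

```python
import os
import sqlite3
import tempfile

def build_db(path):
    # Constructed sample table; nothing here comes from the thread.
    con = sqlite3.connect(path)
    con.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);"
        "INSERT INTO users (name) VALUES ('alice'), ('bob');"
    )
    con.commit()
    con.close()

def lookup_concatenated(con, name):
    # Weak form: the input becomes part of the SQL text, so quotes in it rewrite the query.
    return con.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()

def lookup_bound(con, name):
    # Bind variable: the statement text is fixed and the value is passed as data only.
    return con.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def open_read_only(path):
    # Least-privilege analogue: this handle can read but never modify the database.
    return sqlite3.connect("file:" + path + "?mode=ro", uri=True)

def demo():
    path = os.path.join(tempfile.mkdtemp(), "demo.db")
    build_db(path)
    con = open_read_only(path)
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    results = {
        "concatenated": len(lookup_concatenated(con, crafted)),  # predicate rewritten
        "bound": len(lookup_bound(con, crafted)),                # no user has this name
        "bound_legit": len(lookup_bound(con, "alice")),
    }
    try:
        con.execute("DELETE FROM users")  # a write the script never needs
        results["write_blocked"] = False
    except sqlite3.OperationalError:
        results["write_blocked"] = True
    con.close()
    return results

if __name__ == "__main__":
    print(demo())
```

The bound query returns nothing for the crafted value because it is compared as a literal name, and the write fails regardless of how the statement was built because the connection itself lacks the right.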
