Hello,
while surfing on the net I've found a few articles about
web-based application security and a dedicated site:
Open Web Application Security Project
where I read this article:
http://www.owasp.org/projects/asac/iv-sqlinjection.shtml
I'd love to know your position on writing a short section
about "SQL injection and others" in security.xml, something
similar has already been done for filesystem security.
It aims to be an introduction to the very basics of PHP-related
database security and vulnerability, because:
" the strongest and most significant feature of PHP is
" its support for a wide range of databases. Writing
" a database-enabled web page is incredibly simple.
[from the manual :)]
IMHO, it's indeed incredibly simple, but users must be aware
of this attacking technique, too. What do you think?
I have further examples and some avoiding techniques, and
hopefully you may also share your valuable knowledge about
this topic.
Papp Gyozo
- [EMAIL PROTECTED]