RE: Is it a security risk to use identical names for database fields and html forms?

2001-09-06 Thread Curtis Poe
--- Gunther Birznieks <[EMAIL PROTECTED]> wrote: > There's actually quite a bit of interesting stuff out there that has really > only been "discovered" and publicized at all in the last year or two. Null > byte is another huge issue few Perl programmers seem to know > about/understand as it aff

RE: Is it a security risk to use identical names for database fields and html forms?

2001-09-06 Thread Gunther Birznieks
e open() command in a subtle way yet I think it is not described in perldoc perlsec (it seems mostly focused on tainting and general validation issues). >joel > >-Original Message- >From: Gunther Birznieks [mailto:[EMAIL PROTECTED]] >Sent: 02 September 2001 01:15 >To:

RE: Is it a security risk to use identical names for database fields and html forms?

2001-09-03 Thread yahoo
le to this kind of attack in contrast to, say, using stored procedures. I enjoyed reading your post :-) joel -Original Message- From: Gunther Birznieks [mailto:[EMAIL PROTECTED]] Sent: 02 September 2001 01:15 To: yahoo; [EMAIL PROTECTED] Subject: RE: Is it a security risk to use identical

RE: Is it a security risk to use identical names for database fields and html forms?

2001-09-01 Thread Gunther Birznieks
At 02:29 PM 8/31/2001 +0100, yahoo wrote: >nah! > >what difference does it make? > >I mean, if the guy gets access to your DB server then he's gonna find out >the fieldnames anyway! > >If he can't get access to your DB then what has he got?, a few POSSIBLE DB >field names (I mean, how does HE kno

RE: Is it a security risk to use identical names for database fields and html forms?

2001-09-01 Thread yahoo
nah! what difference does it make? I mean, if the guy gets access to your DB server then he's gonna find out the fieldnames anyway! If he can't get access to your DB then what has he got?, a few POSSIBLE DB field names (I mean, how does HE know the names are real?) for him to attempt to recrea

Re: Is it a security risk to use identical names for database fields and html forms?

2001-08-31 Thread Gunther Birznieks
At 01:55 PM 8/31/2001 -0700, Curtis Poe wrote: >--- "Michael R. Fahey" <[EMAIL PROTECTED]> wrote: > > Hi, > > > > I was looking at a perl script where the developer used different names > > for the incoming parameters and the database field names. He told me > > that this was done for security rea

Re: Is it a security risk to use identical names for database fields and html forms?

2001-08-31 Thread Curtis Poe
--- "Michael R. Fahey" <[EMAIL PROTECTED]> wrote: > Hi, > > I was looking at a perl script where the developer used different names > for the incoming parameters and the database field names. He told me > that this was done for security reasons-- to ensure that malicious users > would not be able

Re: Is it a security risk to use identical names for database fields and html forms?

2001-08-31 Thread fliptop
"Michael R. Fahey" wrote: > > I was looking at a perl script where the developer used different names > for the incoming parameters and the database field names. He told me > that this was done for security reasons-- to ensure that malicious users > would not be able to discover the field names i