Re: securing web form interaction

2005-02-16 Thread Octavian Rasnita
the security string letter by letter. I think it is not very complicated to create that kind of file. Teddy - Original Message - From: ben syverson [EMAIL PROTECTED] To: modperl@perl.apache.org Sent: Tuesday, February 15, 2005 10:33 PM Subject: Re: securing web form interaction On Feb 15

Re: securing web form interaction

2005-02-16 Thread Arshavir Grigorian
ben syverson wrote: On Feb 15, 2005, at 12:02 PM, Jonathan Vanasco wrote: preemptive defense of potential SQL injection attacks Check out mod_security http://www.modsecurity.org -- it has this built-in. (There's an intro here: http://www.onlamp.com/pub/a/apache/2003/11/26/mod_security.html,

securing web form interaction

2005-02-15 Thread Jonathan Vanasco
Can anyone give me some tips for securing web form interaction? I'm looking specifically for 2 things: preemptive defense of potential SQL injection attacks 'human only' readable gifs on forms to preemtively defent against bots without using some crazed throttling scheme

Re: securing web form interaction

2005-02-15 Thread Sean Davis
On Feb 15, 2005, at 1:02 PM, Jonathan Vanasco wrote: Can anyone give me some tips for securing web form interaction? I'm looking specifically for 2 things: preemptive defense of potential SQL injection attacks See CGI::Untaint on CPAN for routine untainting. Sean

RE: securing web form interaction

2005-02-15 Thread Adam Prime x443
Can anyone give me some tips for securing web form interaction? I'm looking specifically for 2 things: preemptive defense of potential SQL injection attacks $dbh-quote() everything you can.

RE: securing web form interaction

2005-02-15 Thread Adam Prime x443
that too, assuming that your DBD supports them. -Original Message- From: Ian Joyce [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 15, 2005 2:09 PM To: Adam Prime x443 Cc: Mod-Perl ((E-mail)) Subject: Re: securing web form interaction On Tue, 15 Feb 2005 14:07:22 -0500, Adam Prime

Re: securing web form interaction

2005-02-15 Thread Octavian Rasnita
Don't forget to create a sound file also that will contain the pass phrase, because otherwise the blind visitors won't be able to use your site.

Re: securing web form interaction

2005-02-15 Thread Octavian Rasnita
: Mod-Perl ((E-mail)) modperl@perl.apache.org Sent: marti, 15 februarie 2005 21:09 PM Subject: Re: securing web form interaction On Tue, 15 Feb 2005 14:07:22 -0500, Adam Prime x443 [EMAIL PROTECTED] wrote: $dbh-quote() everything you can. Or make it easy on yourself and just use placeholders

Re: securing web form interaction

2005-02-15 Thread ben syverson
On Feb 15, 2005, at 1:20 PM, Octavian Rasnita wrote: Don't forget to create a sound file also that will contain the pass phrase, because otherwise the blind visitors won't be able to use your site. Wow -- this is a great idea -- do have any links to sites which implement this? I'd like to see

Re: securing web form interaction

2005-02-15 Thread Ron Savage
Hi Folks I usually use placeholders in DBI. Is this enough for avoiding SQL injections? Keywords: Inject, SQL,