I diagree on point 1. If you warn your members that their password is
insecure, and if you e-mail out passwords anyway, there's no reason
not to have a secure password. Many people I know use an insecure
password for many things, from silly required free registration sites
(go ahead, break
Hi
A user was able to log into my site using:
1' and '1' or '1
in the username and password box.
I ran the query
SELECT * FROM members WHERE name = '1' and '1' or '1' AND password = '1' and
'1' or '1'
And it returned all rows. Can someone explain to me why this happens, and if
the steps I
The Innovation Hub - Hotel Street
Lynnwood, Pretoria, 0087
The are 10 kinds of people, those who
understand binary and those who don't
-Original Message-
From: Critters [mailto:[EMAIL PROTECTED]
Sent: 10 May 2006 10:53 AM
To: mysql@lists.mysql.com
Subject: 1' and '1' or '1
Hi
A user was able
Quoting Critters ([EMAIL PROTECTED]):
SELECT * FROM members WHERE name = '1' and '1' or '1' AND password = '1' and
'1' or '1'
And it returned all rows. Can someone explain to me why this happens,
and if the steps I took (replacing the ' with a blank space when the
user submits the login
On Wednesday 10 May 2006 09:53, Critters wrote:
Hi
A user was able to log into my site using:
1' and '1' or '1
in the username and password box.
I ran the query
SELECT * FROM members WHERE name = '1' and '1' or '1' AND password = '1'
and '1' or '1'
And it returned all rows. Can someone
://www.databasedevelopmentforum.com
Hi
A user was able to log into my site using:
1' and '1' or '1
in the username and password box.
I ran the query
SELECT * FROM members WHERE name = '1' and '1' or '1' AND password = '1' and
'1' or '1'
And it returned all rows. Can someone explain to me why this happens
At 9:53 +0100 10/5/06, Critters wrote:
A user was able to log into my site using:
1' and '1' or '1
in the username and password box.
I ran the query
SELECT * FROM members WHERE name = '1' and '1' or '1' AND password =
'1' and '1' or '1'
And it returned all rows.
Interesting - I found just
for a brief explanation and several
links to further info.
http://en.wikipedia.org/wiki/SQL_injection
/Johan
Critters wrote:
Hi
A user was able to log into my site using:
1' and '1' or '1
in the username and password box.
I ran the query
SELECT * FROM members WHERE name = '1' and '1' or '1
Tahnks all for your responses (so many) I am reading up on it now
--
Dave
- Original Message -
From: Johan Lundqvist [EMAIL PROTECTED]
To: mysql@lists.mysql.com
Sent: Wednesday, May 10, 2006 10:26 AM
Subject: Re: 1' and '1' or '1
Hi Dave,
1st: Never, never, never store passwords
weird... about 1:! generalization and 1:m non identifying...
I think that these examples can make it better to understand some of
those terms... I am quoting from Database Systems -- Design,
Implementation Management fouth edition by Rob Coronel (page 23)
Conceptual Modules use three types
Hi All,
I've been taking a look at DB Designer 4, and looking through the
documentation (http://www.fabforce.net/dbdesigner4/doc/index.html) I am a
little unclear on some of their nomenclature:
'1:1' - Ok, one to one. Got it.
'1:1' generalization - Don't know this. Obviously different
11 matches
Mail list logo