Roland,
This is a big question.
Yes and maybe/doubtful.
Anytime you have users entering information into a DB, there are
possibilities of them putting in unexpected content. Even a chat room,
someone could enter in profanities and upset other users.
Let's get a little more extreme here and
Hi Roland,
This is very unlikely; it is more likely that they would try to add sql
statements in the input field.
First off, the data type constraints of the database field would probably
either prevent the saving of the offensive code or will most likely
truncate it.
Even if there is
Must reading:
http://www.owasp.org/documentation/topten.html
Welcome to the OWASP Top Ten Project
The OWASP Top Ten provides a minimum standard for web application
security. The OWASP Top Ten represents a broad consensus about what the
most critical web application security flaws are. Project
I want the SHORT answer, something like:
A.) If you use witango, a browser-submitted piece of coding can't affect the
database, witango, or a visitor who searches and gets the record with the
code.
B.) Holy s**t!: You're an idiot of you doing have a layer in front of a
submit that searches and
I flunked proofreading
This option:
On 9/22/04 8:52 AM, Roland Dumas [EMAIL PROTECTED] wrote:
B.) Holy s**t!: You're an idiot of you doing have a layer in front of a
submit that searches and kills anything that looks like this.
Should read:
B.) Holy s**t!: You're an idiot if you don't
-
From: Roland Dumas [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 22, 2004 5:52 PM
Subject: Re: Witango-Talk: Security question
I want the SHORT answer, something like:
A.) If you use witango, a browser-submitted piece of coding can't affect
the
database, witango
ly this security issue.
Hope this helps.
Gauthier
- Original Message -
From: "Roland Dumas" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 22, 2004 5:52 PM
Subject: Re: Witango-Talk: Security question
I want the SHORT answer, something like:
A.) If y
Sorry, but you forgot the
it should read... :-)
Should read:
B.) Holy s**t!: You're an idiot if you don't have a layer in front of a
new record or update that searches and kills anything that looks like
this.
I flunked proofreading
This option:
On 9/22/04 8:52 AM, Roland Dumas [EMAIL
Title: Re: Witango-Talk: Security question
I'm slow here. Does this mean that if there is a SQL query in a DirectDBMS Action that it's protected by this bind dust? Or just New Record and Update Actions?
On 9/22/04 11:34 AM, Sri Amudhanar [EMAIL PROTECTED] wrote:
One of the lesser talked about
Re: Witango-Talk: Security question
I'm slow here. Does this mean that if there is
a SQL query in a DirectDBMS Action that it's protected by this bind dust?
Or just New Record and Update Actions?
On 9/22/04 11:34 AM, "Sri Amudhanar" [EMAIL PROTECTED] wrote:
One of the les
Reseller
Authorized Pervasive, Cisco, HP, Thawte Reseller.
Roland Dumas wrote:
Re: Witango-Talk: Security question
I'm slow here. Does this mean that if there is a
SQL query in a DirectDBMS Action that it's protected by this bind dust? Or
just New Record and Update Actions