Do any of you input data coming from an HTML form into a database
without filtering? Very often this data is to be output sooner or later in
an HTML page. So, forgetting to filter for characters such as ', ", < or &
will undoubtedly lead to trouble. And even without crackers, forgetting to
filter data before inputting it into the database will probably cause problems if
it contains ' or ". I presume that in most cases, a servlet inputting data into
a database without filtering simply won't work. So there are few chances
that a cracker will find a working example to experiment with.
Pierre-Yves
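A servlet-side way of handling the two points raised above, written as an added example for this thread rather than code from any of the posters: the raw form value is bound with a PreparedStatement instead of being quoted into the SQL text, and it is escaped only at the moment it is written back into a page. The `comments` table and its columns are assumed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

/** Added example (not from the thread): keep raw input out of SQL, escape on output. */
public final class CommentHandling {

    /** Store the raw text with bound parameters so ' and " never reach the SQL grammar. */
    public static void storeComment(Connection db, String author, String body) throws SQLException {
        // Hypothetical table comments(author, body); the JDBC driver quotes the values.
        try (PreparedStatement ps = db.prepareStatement(
                "INSERT INTO comments (author, body) VALUES (?, ?)")) {
            ps.setString(1, author);
            ps.setString(2, body);
            ps.executeUpdate();
        }
    }

    /** Escape the characters that change meaning inside HTML text or attribute values. */
    public static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample of what a form field might carry.
        String body = "O'Brien said \"<b>hi</b>\" & left";
        // Only the escaped form is safe to emit inside the servlet's HTML response.
        System.out.println(escapeHtml(body));
    }
}
```

Escaping is done at output rather than before the INSERT so the database keeps the text the user actually typed and the same row can later be emitted into a non-HTML context without double-escaping.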
-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet API
Technology. [mailto:[EMAIL PROTECTED]] On behalf of elliott ...
Sent: Tuesday 24 April 2001 17:14
To: [EMAIL PROTECTED]
Subject: Re: JHacker
Also, it's a good habit to filter out !'s if you're running *nix, so there's no
chance of someone shelling out a "rm -rf /" or something of that sort..
>Check out this link; it talks about the dangers of
>improper input validation.
>
>http://livin4.com/jhacker/jh1.htm
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html