[nycphp-talk] Injection Attack, any ideas?
tedd
tedd at sperling.com
Mon Nov 12 12:23:46 EST 2007
>> Any ideas about how I can reproduce this problem would be greatly
>> appreciated and any suggestions about how to fix it would be even more
>> greatly appreciated. 8-)
>>
>> Thanks for your attention.
>>
>>
>> --
>> Best regards,
>> mikesz mailto:mikesz at qualityadvantages.com
>>

Scrub and clean all user input.

My understanding -- nothing can get in unless you allow it (barring
server breaches).

Here's an example of js injection:

http://webbytedd.com/bb/insecure-form/

SQL injection (as I understand it) is simply allowing the user to
prepare (in part) the SQL query. Scrub and clean user input and
prepare the query yourself as per what you will allow.

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
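
The point about letting the user prepare part of the query, shown as an added example that is not part of the original post or anyone's code from the thread. It assumes PHP with PDO and the pdo_sqlite driver; the members table, the function names, the allow-list pattern and the input string are all constructed for illustration.

```php
<?php
// Added example: constructed table and input, in-memory SQLite through PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$pdo->exec("INSERT INTO members (name, email) VALUES
    ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Weak: the user's text is concatenated into the SQL statement, so a quote
// character in $name changes the structure of the WHERE clause.
function find_member_concat(PDO $pdo, string $name): array
{
    $sql = "SELECT email FROM members WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "As per what you will allow": an allow-list for this field (hypothetical
// rule: 1 to 32 lowercase letters, digits or underscores).
function is_allowed_name(string $name): bool
{
    return preg_match('/\A[a-z0-9_]{1,32}\z/', $name) === 1;
}

// Corrected: the statement text is fixed by the programmer and the value is
// bound as a parameter, so it is compared as data and never parsed as SQL.
function find_member_prepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT email FROM members WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = "nobody' OR '1'='1";   // constructed hostile input

echo "concatenated query returned ", count(find_member_concat($pdo, $input)), " row(s)\n";
echo "prepared query returned ", count(find_member_prepared($pdo, $input)), " row(s)\n";
echo "allow-list accepts input: ", is_allowed_name($input) ? "yes" : "no", "\n";
echo "prepared lookup for alice: ", implode(', ', find_member_prepared($pdo, 'alice')), "\n";
```

Validation and parameter binding do different jobs: the allow-list rejects values the field should never hold, while binding keeps whatever value is accepted out of the SQL text.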