FUDforum: comp.lang.php » Lilupophilupop

Home » Imported messages » comp.lang.php » Lilupophilupop

Show: Today's Messages :: Polls :: Message Navigator

Re: Lilupophilupop [message #176442 is a reply to message #176440]

Sat, 07 January 2012 13:28

Gregor Kofler
Messages: 69
Registered: September 2010

Karma:

Member

Am 2012-01-07 13:15, M. Strobel meinte:
> Hi,
>
> there is currently a strong SQL injection attack going on, I find
> https://isc.sans.edu/diary.html?storyid=12127 very instructive.
>
> A page down it says "In this instance the PAGEID=189 parameter on
> page xxxxxxxx.asp is vulnerable".
>
> Now this should not happen. If you expect an integer, use your
> integer-read function!

And? This should be common practice for any web application developer.
Nothing new here.

> But it happens all the time. If you use tools/4GLs/CMSses you
> have to trust them, of course.

How can I "trust" (or "mistrust") 4GLs? And no - I don't have to and
don't trust stock CMS' when it comes to security issues. Particularly
with their plethora of plugins.

Gregor

--
http://vxweb.net

Report message to a moderator

[Message index]

		Lilupophilupop By: M. Strobel on Sat, 07 January 2012 12:15
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 13:15
		Re: Lilupophilupop By: Thomas Mlynarczyk on Sat, 07 January 2012 17:27
		Re: Lilupophilupop By: J.O. Aho on Sat, 07 January 2012 17:52
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 21:02
		Re: Lilupophilupop By: Peter H. Coffin on Wed, 11 January 2012 00:31
		Re: Lilupophilupop By: M. Strobel on Wed, 11 January 2012 08:29
		Re: Lilupophilupop By: Jerry Stuckle on Wed, 11 January 2012 13:42
		Re: Lilupophilupop By: Erwin Moller on Wed, 11 January 2012 14:23
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 13:28
		Re: Lilupophilupop By: M. Strobel on Sat, 07 January 2012 15:13
		Re: Lilupophilupop By: Thomas 'PointedEars' on Sat, 07 January 2012 17:03
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 19:34
		Re: Lilupophilupop By: M. Strobel on Sun, 08 January 2012 13:53
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 14:27
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 15:00
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 17:29
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 20:49
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 21:59
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 22:38

Previous Topic:	Running function in the background?
Next Topic:	Magic quotes? Should I still be cautious?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Nov 22 19:48:25 GMT 2024

Total time taken to generate the page: 0.04393 seconds