MySQL Forums

Re: SQL Injection
Posted by: Pete Wilson
Date: December 01, 2009 04:14AM

>> I'm still waiting for a real world example.

> You don't say? Took me one google search to find examples.

One such search gives results here:

http://tinyurl.com/y9ad3pv

But don't all of these examples arise from IMproperly-written code? Can there be examples of the vulnerabilities of properly-written code? It seems like properly-written code is by definition immune from insertion attacks. Why is that? Because properly-written code observes Rule #1:

Never trust user input.

We accept that Rule #1 applies to every application, written in whatever language (or framework, like HTML), that accepts user input. IOW it's the application that's deficient, not the language. No big news to the OP or anyone else.

Don't we also know the elementary, vanilla ways to defend against insertion attacks, to make user input trustworthy:

1. apply a whitelist; and
2. escape everything.

So: are there attacks that defeat these two methods? With examples, natch :-)

-- pete
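The two defenses listed in the post (whitelist, then treat every value as untrusted data) in working form, as an added example rather than code from the post or the forum. It assumes Python's built-in sqlite3 standing in for MySQL so it runs offline, and the user rows are constructed sample data. Identifiers such as a sort column cannot be passed as query parameters, so they go through the whitelist; values go through parameter binding, which is the driver-side equivalent of "escape everything".

```python
import sqlite3

# Constructed sample rows; sqlite3 stands in for MySQL so the example runs offline.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("o'brien", "ob@example.com"),
    ("bob", "bob@example.com"),
]

# Rule 1 (whitelist): identifiers cannot be bound as parameters, so the only
# acceptable sort columns and directions are listed explicitly.
ALLOWED_SORT_COLUMNS = {"username", "email"}
ALLOWED_SORT_ORDERS = {"ASC", "DESC"}


def make_db():
    """Create an in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def validate_identifier(value, allowed):
    """Whitelist check: accept only an exact member of the allowed set."""
    if value not in allowed:
        raise ValueError(f"rejected identifier: {value!r}")
    return value


def find_user(conn, username):
    """Rule 2: the user-supplied value is bound as a parameter, never spliced into SQL.

    Quotes, semicolons or comment markers inside the value are compared literally.
    """
    cur = conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    )
    return cur.fetchall()


def list_users(conn, sort_column, sort_order):
    """Sort by a caller-chosen column, but only after both identifiers pass the whitelist."""
    col = validate_identifier(sort_column, ALLOWED_SORT_COLUMNS)
    order = validate_identifier(sort_order.upper(), ALLOWED_SORT_ORDERS)
    # Safe to format in: both tokens were checked against fixed sets above.
    cur = conn.execute(f"SELECT username FROM users ORDER BY {col} {order}")
    return [row[0] for row in cur.fetchall()]


if __name__ == "__main__":
    db = make_db()
    print(find_user(db, "o'brien"))          # apostrophe in data is handled by binding
    print(find_user(db, "a'; -- b"))         # compared literally: no such user
    print(list_users(db, "email", "desc"))
```

The split matters: binding covers values, but a column name or sort direction that reaches the query text still has to be whitelisted, which is why `list_users` raises on anything outside the fixed sets instead of trying to escape it.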
