PaulDotCom mailing list archives

Re: SQL cheat sheat


From: Leon Jacobs <leonja511 () gmail com>
Date: Mon, 20 May 2013 05:50:39 +0200

On Sat, May 18, 2013 at 5:13 PM, Philip Green <pg () givetechback org> wrote:

> Hello PaulDotCom mailing list!
>
> I have a group of programmers working on a site and really, I know more
> about breaking into stuff than defending.
>
> What do you guys think the most important thing(s) to tell programmers
> when they are coding a database to try and prevent SQL injection
> attacks occurring?
>
> Any website links would really help as well.
>
> Thanks in advance.


Trust no user input, whatsoever. E.g.: If you are expecting a number, and it's
not a number, start a fire and burn the client computer :)

But, to stay on topic w.r.t. the message subject, I'll suggest you have a
look at:
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
In general, if you have the time, check out the rest of owasp.org. It is
sure to prove to have a lot of value to you.

Have fun.

-- 
Regards
Leon Jacobs

Sent using electronic mail ツ
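
Added example, not part of the original thread or of the OWASP cheat sheet: the "expecting a number" advice above, shown as a concatenated query next to a validated, parameterized one. The table, rows, function names and the 9-digit limit are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory table filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", "keyboard"), (2, "bob", "monitor"), (3, "carol", "laptop")])
    return db

QUERY = "SELECT id, owner, item FROM orders WHERE id = "

def lookup_concat(db, raw_id):
    """Before: the request value is pasted into the SQL text and parsed as SQL."""
    return db.execute(QUERY + raw_id).fetchall()

def parse_order_id(raw_id):
    """Allow-list check: 1 to 9 ASCII digits, value at least 1."""
    # isascii() matters: str.isdigit() alone accepts characters such as
    # superscript two, which int() then refuses.
    if not (isinstance(raw_id, str) and raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("order id must be a decimal number")
    if len(raw_id) > 9 or int(raw_id) < 1:
        raise ValueError("order id out of range")
    return int(raw_id)

def lookup_bound(db, raw_id):
    """Binding only: the value travels as data, so it cannot change the query."""
    return db.execute(QUERY + "?", (raw_id,)).fetchall()

def lookup_safe(db, raw_id):
    """After: reject anything that is not a number, then bind the parsed value."""
    return db.execute(QUERY + "?", (parse_order_id(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "1 OR 1=1"  # constructed input: not a number
    print("concatenated:", lookup_concat(db, hostile))
    print("bound only:  ", lookup_bound(db, hostile))
    try:
        lookup_safe(db, hostile)
    except ValueError as err:
        print("validated:   ", "rejected,", err)
    print("valid id 2:  ", lookup_safe(db, "2"))
```

Binding is what keeps the input out of the SQL grammar; the validation step adds an early, explicit rejection that can be logged.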