WebApp Sec mailing list archives

Re: SQL Injection Basics


From: "dreamwvr () dreamwvr com" <dreamwvr () dreamwvr com>
Date: Tue, 11 Feb 2003 17:17:46 -0700

In 'Solid Software' (Pfleeger et al), they make reference to 'Logical
Firewalls', which closely describes this concept from a software POV.
(page 138).

http://www.amazon.com/exec/obidos/tg/detail/-/0130912980

Yes, and at least as early as 
September 1, 1991, Building Internet Firewalls describes this 
concept and the associated application proxies, of which this is 
really a derivative. We find as well, IIRC, that boundary 
filtering was referred to (or similar wording was used) at least as early as the 
original Firewall 1 list, a la Chris Breton IIRC, in 
a thread we had. The important thing is that applications 
are filtered in some way. Conceptually this is really 
a rehash of application proxies. Since AFAIK (and I am not a 
SQL security guru or anything) we are interested in 
controlling data input from the client and sanitizing it 
pre-injection into the .db, while preserving the 
intent of the query or field if valid, reducing the risk 
of data poisoning due to tainted values being injected 
into our perfectly good database. Whew. ;-) We thereby 
create a 'boundary' that filters between the client 
application and the database server, acting as an 
intuitive middleman for interactions. We 'filter' these 
results, or if you like, data entry. Well, that is what 
the job of an application proxy is by definition. 
AND | && | & I was not referring to MSProxy or something 
that says it is one and is not really doing the job 
it was implied to do. Sending directly to the list 
as it takes less finger movement and they're getting 
tired. :-)

Best Regards,
dreamwvr () dreamwvr com


-- 
/*  Security is a work in progress - dreamwvr                 */
#                                                             
# Note: To begin Journey type man afterboot,man help,man hier[.]      
#                                                             
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]
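The 'boundary' the post describes, in code, as an added example that is not part of the original message or the thread: the client never hands SQL to the database, only a column name and a value. Structure (the column) is checked against an allowlist and data (the value) is passed as a bind parameter, so the query's intent survives whatever the client sends. The table, the sample rows, the Boundary class and its limits are all constructed for this demonstration and are not from the post.

```python
import sqlite3

# Constructed sample data for the demonstration; nothing here comes from the post.
SAMPLE_ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def build_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_unfiltered(conn, name):
    """Vulnerable: the client value is spliced straight into the SQL text,
    so a quote in the input changes the meaning of the query."""
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


class Boundary:
    """Hypothetical filtering layer between the client and the database.

    It plays the 'application proxy' role from the post: the client never
    hands SQL to the database, only a column name and a value. Structure
    (the column) is checked against an allowlist; data (the value) is
    passed as a bind parameter so it cannot alter the query's intent.
    """

    ALLOWED_COLUMNS = {"name", "role"}   # assumed schema of the sample table
    MAX_VALUE_LEN = 64                    # assumed policy limit for this demo

    def __init__(self, conn):
        self.conn = conn

    def lookup(self, column, value):
        # Structural input must match the allowlist exactly.
        if column not in self.ALLOWED_COLUMNS:
            raise ValueError("column not permitted: %r" % column)
        # Data input is type- and length-checked, but never 'escaped' by hand.
        if not isinstance(value, str) or len(value) > self.MAX_VALUE_LEN:
            raise ValueError("bad value")
        # Only the allowlisted column name is interpolated; the value is bound.
        sql = "SELECT name, role FROM users WHERE %s = ?" % column
        return self.conn.execute(sql, (value,)).fetchall()


def demo():
    """Run the same tainted input through both paths and return the results."""
    conn = build_db()
    boundary = Boundary(conn)
    tainted = "x' OR '1'='1"          # classic tautology payload
    results = {
        "unfiltered_benign": lookup_unfiltered(conn, "bob"),
        "unfiltered_tainted": lookup_unfiltered(conn, tainted),   # every row leaks
        "boundary_benign": boundary.lookup("name", "bob"),
        "boundary_tainted": boundary.lookup("name", tainted),     # no such name: []
    }
    try:
        # A client trying to smuggle structure through the column slot.
        boundary.lookup("role = 'admin' OR name", "bob")
        results["boundary_bad_column"] = "accepted"
    except ValueError:
        results["boundary_bad_column"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Note that the boundary does not try to strip or escape quotes from the value; it keeps data and query structure on separate channels, which is what "preserving the intent of the query" amounts to in practice. Hand-rolled escaping in a middleman is exactly the kind of filter that "says it is one and is not really doing the job".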
