Firewall Wizards mailing list archives
Re: preventing XSS and SQL injection?
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Fri, 3 Jun 2005 03:27:04 +0530
On 02/06/05 17:08 +0400, ArkanoiD wrote:
> nuqneH,
>
> Are there any hints on preventing cross-site scripting attacks and SQL injection on proxy firewall by, say, applying some regexps on url data?

XSS primarily uses ECMAScript and/or VBScript as attack vectors to attack the browser.

SQL injection is a server-side attack. It has nothing to do with XSS other than being one of the most popular HTTP-based attacks.

So for client applications (browsers, etc.), just strip the ECMAScript. Trying to defend remote servers from SQL injection attacks from your clients promises to be hard (if not impossible).

Devdas Bhagat