Secure Coding mailing list archives
Re: Scripting Languages and Secure Coding + code
From: securecodingorg () nuvisions ch
Date: Fri, 05 Dec 2003 02:52:06 +0000
On Thursday 04 December 2003 16:34, Jeremy Thibeaux wrote:
> Imagine if the user entered: "someuser' OR username ='someuser" for $username. Your SQL statement would turn out:
Hey, if you're using SQL there, the user may just enter '%' or any other wildcard char, which makes it a lot easier. When testing you'll find that this works with just too many apps.
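
Added example, not part of the original post or thread: the two inputs mentioned above, run against a concatenated query, a bound `LIKE` query and a bound `=` query, with a wildcard-escaping search for the case where `LIKE` is really wanted. The `users` table, its rows, the function names, the query shapes and the use of Python's `sqlite3` are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, in-memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("someuser",), ("alice",), ("bob_x",), ("bobby",)])
    return db

def _names(cursor):
    return sorted(row[0] for row in cursor)

def lookup_concat(db, username):
    # Before: input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return _names(db.execute(sql))

def lookup_like_bound(db, username):
    # Binding stops quote breakout, but with LIKE the value is still a
    # pattern: '%' and '_' keep their wildcard meaning.
    sql = "SELECT username FROM users WHERE username LIKE ?"
    return _names(db.execute(sql, (username,)))

def lookup_exact(db, username):
    # After: bound parameter plus '=' treats the input as one literal.
    sql = "SELECT username FROM users WHERE username = ?"
    return _names(db.execute(sql, (username,)))

def escape_like(term, esc="\\"):
    # Escape the escape character first, then the two LIKE wildcards.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def search_prefix(db, term):
    # Prefix search where only the trailing '%' added here is a wildcard.
    sql = "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\'"
    return _names(db.execute(sql, (escape_like(term) + "%",)))

if __name__ == "__main__":
    db = make_db()
    quoted = "someuser' OR username ='someuser"
    print(lookup_concat(db, quoted), lookup_exact(db, quoted))
    print(lookup_like_bound(db, "%"), lookup_exact(db, "%"))
    print(search_prefix(db, "bob_"), search_prefix(db, "%"))
```

With the bound `=` lookup both inputs match no row, because each is compared as a literal username.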