WebApp Sec mailing list archives
Re: ISA Server and SQL Injection
From: Tim Hoolihan <tim.hoolihan () gmail com>
Date: Thu, 17 Feb 2005 10:06:26 -0500
Not over SSL
Here's an idea for a way around that. ISA server can handle the SSL certificate, so traffic is SSL right up to ISA server, then on the internal path to the server, trafffic could be unencrypted and pass through an application filter that handled checking for sql injection. Just a theory though... -Tim On Mon, 14 Feb 2005 19:05:34 +0100 (CET), Rafael San Miguel <smcsoc () yahoo es> wrote:
Hi all, ¿Has anyone tested ISA Server 2004 against SQL Injection attacks? I mean, ¿can it protect from this type of vulnerability? Thanks in advance. Greetings, Rafael San Miguel Carrasco
Current thread:
- ISA Server and SQL Injection Rafael San Miguel (Feb 14)
- Re: ISA Server and SQL Injection Tim Hoolihan (Feb 17)
- <Possible follow-ups>
- RE: ISA Server and SQL Injection John Steer (Feb 15)
- Re: ISA Server and SQL Injection Matthieu Estrade (Feb 16)
- Re: ISA Server and SQL Injection Bogdan Tomchuk (Feb 16)
- Re: ISA Server and SQL Injection Matthieu Estrade (Feb 17)
- Re: ISA Server and SQL Injection Bogdan Tomchuk (Feb 17)
- Re: ISA Server and SQL Injection Matthieu Estrade (Feb 17)
- RE: ISA Server and SQL Injection Marty Block (Feb 19)
- Re: ISA Server and SQL Injection Matthieu Estrade (Feb 16)
- Re: ISA Server and SQL Injection fantomas (Feb 28)
- Re: ISA Server and SQL Injection Darren Bounds (Feb 16)