WebApp Sec mailing list archives

Re: ISA Server and SQL Injection

From: fantomas <fantomas119 () gmail com>
Date: Fri, 25 Feb 2005 12:28:43 +0700

Now,there are many people use SQL query to get acess in website to
find information of consumer but i find it difficult to against that.


On Wed, 16 Feb 2005 18:34:34 +0100, Bogdan Tomchuk
<bogdan.tomchuk () polytechnique fr> wrote:

I'm not sure any firewall would stop a SQL Injection attack.

Web application firewall can do this. They filter http content.


No, they cannot do it either. Problem is the same: By seeing URL you have no
reliable way to say which parameter will be used in SQL query and how
(with/without transformation). Only application knew it.



-- 
FA

Current thread:

ISA Server and SQL Injection Rafael San Miguel (Feb 14)
- Re: ISA Server and SQL Injection Tim Hoolihan (Feb 17)
- <Possible follow-ups>
- RE: ISA Server and SQL Injection John Steer (Feb 15)
  - Re: ISA Server and SQL Injection Matthieu Estrade (Feb 16)
    - Re: ISA Server and SQL Injection Bogdan Tomchuk (Feb 16)
    - Re: ISA Server and SQL Injection Matthieu Estrade (Feb 17)
    - Re: ISA Server and SQL Injection Bogdan Tomchuk (Feb 17)
    - Re: ISA Server and SQL Injection Matthieu Estrade (Feb 17)
    - RE: ISA Server and SQL Injection Marty Block (Feb 19)
    - Re: ISA Server and SQL Injection fantomas (Feb 28)
- RE: ISA Server and SQL Injection Hofmeyr, Michael (ZA - Johannesburg) (Feb 15)
  - Re: ISA Server and SQL Injection Darren Bounds (Feb 16)
- RE: ISA Server and SQL Injection charles freeman (Feb 16)
- RE: ISA Server and SQL Injection Roberto GABERGI (Feb 17)
- RE: ISA Server and SQL Injection Jeff Robertson (Feb 17)
  - Re: ISA Server and SQL Injection Matthieu Estrade (Feb 17)
- RE: ISA Server and SQL Injection Sebastien Deleersnyder (Feb 19)
  - Re: ISA Server and SQL Injection Matthieu Estrade (Feb 19)
    - RE: ISA Server and SQL Injection Ofer Shezaf (Feb 21)
    - RE: ISA Server and SQL Injection Mark Curphey (Feb 21)

(Thread continues...)