On Wed, Feb 13, 2013 at 4:46 AM, Timo Strunk <[email protected]> wrote:
> Hi everybody,
>
> There is a very inflammatory article about BOINC on the MDR website,
> which blames the University of Berkeley for not fixing security holes,
> which (in my opinion, but I'm not sure) are fixed.
> http://www.mdr.de/mdr-info/hacker-boinc100.html
> ...

If somewhat founded after stripping hyperbole, the following should be helpful: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet.
Encodings and parameterized queries should probably be your top two defenses at the server. The client could be under an attacker's control, so treat all input as untrusted. That is, don't sanitize at the client on behalf of the server.

Jeff
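The two server-side defenses Jeff names above, shown side by side as an added example (not code from BOINC or from anyone on this thread). It uses an in-memory SQLite table with constructed sample rows; the table name, column names and authenticator values are assumptions for illustration only. The vulnerable lookup splices the untrusted value into the SQL text, so a quote character in the input changes the statement; the parameterized lookup binds the value as data, and an allow-list check at the server adds a second layer that does not rely on anything the client did.

```python
import re
import sqlite3

# Constructed sample data (not from BOINC): a small "user" table of the kind a
# project web server might consult when a request carries an authenticator.
SAMPLE_USERS = [
    (1, "alice", "auth-aaaa"),
    (2, "bob", "auth-bbbb"),
    (3, "carol", "auth-cccc"),
]

# Server-side allow-list for the assumed authenticator format: a bounded run of
# letters, digits and hyphens. Validation lives here, not in the client.
AUTH_PATTERN = re.compile(r"^[A-Za-z0-9-]{1,64}$")


def make_db():
    """Create the in-memory database and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, authenticator TEXT)"
    )
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def validate_authenticator(value):
    """Return True only if the value matches the server's allow-list pattern."""
    return AUTH_PATTERN.match(value) is not None


def lookup_vulnerable(conn, authenticator):
    """Query built by string concatenation: the untrusted value becomes part of
    the SQL text, so quoting inside it rewrites the WHERE clause."""
    sql = "SELECT id, name FROM user WHERE authenticator = '" + authenticator + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, authenticator):
    """Query with a bound parameter: the driver passes the value as data, never
    as SQL text, so quote characters in it cannot alter the statement."""
    sql = "SELECT id, name FROM user WHERE authenticator = ?"
    return conn.execute(sql, (authenticator,)).fetchall()


def lookup_defended(conn, authenticator):
    """Both defenses together: reject input that fails the allow-list before it
    reaches the database, then run the parameterized query."""
    if not validate_authenticator(authenticator):
        return []
    return lookup_parameterized(conn, authenticator)


def demo():
    """Run each lookup with a benign value and with a constructed hostile value
    (a closing quote followed by a tautology) and return the results."""
    conn = make_db()
    benign = "auth-bbbb"
    hostile = "' OR '1'='1"  # constructed hostile input for the demonstration
    results = {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_hostile": lookup_vulnerable(conn, hostile),
        "param_benign": lookup_parameterized(conn, benign),
        "param_hostile": lookup_parameterized(conn, hostile),
        "defended_hostile": lookup_defended(conn, hostile),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the hostile value the concatenated query collapses to a condition that is true for every row and returns the whole table, while the parameterized query matches no row because the literal string is compared as data. The allow-list check rejects the same input before any query runs; it is a second layer, not a substitute for parameterization.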
