[
https://bro-tracker.atlassian.net/browse/BIT-1411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21935#comment-21935
]
Seth Hall commented on BIT-1411:
--------------------------------
This is a good point and now I wish I had named it differently in the first
place. I went with victim though because it's typical use was to discover
cases where attackers were actively mapping out a database which made the
target into a victim. :)
I wonder if we're past the point where this is really changeable? We have to
be careful changing stuff like this that people are relying on. I suppose it
could be fine as long as it's included in the list of breaking changes that
we've started writing for releases.
> SQL_Injection_Victim is a misleading name
> -----------------------------------------
>
> Key: BIT-1411
> URL: https://bro-tracker.atlassian.net/browse/BIT-1411
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Reporter: Vern Paxson
>
> I suggest changing the name of this notice to {{SQL_Injection_Target}}.
> Having "victim" in the name implies to me that the attack succeeded, which is
> not what the associated logic is about.
> Indeed, I even wonder if this notice is useful. The information should be
> directly available from {{SQL_Injection_Attacker}} notices (though it doesn't
> appear to be currently set up to provide this - why not?).
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-02-259#70102)
_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
