Hi John,

> I'm concerned about one thing with DecentURL: Cross-Site Scripting.
> From my logs:
> 202.78.158.138 sbih.org ... "GET /%22;drop%20table; HTTP/1.1"

I'm uncertain how this example is cross-site scripting ... isn't that when you inject JavaScript into web pages? If websites suffer from SQL-injection "drop table" problems, there's not much anyone can do except the web developer -- changing his code to run user strings through sqlquote(). But I could well be missing something ...

BTW, Barry, good point about "fool-resistant". :-)

Cheers,
Ben

--
Ben Hoyt, +64 21 331 841
http://www.benhoyt.com/
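The distinction discussed in this message, as an added example that is not part of the original thread: the request path from the quoted log line is decoded, stored and looked up with bound SQL parameters, and separately HTML-escaped before being echoed into a page. The `links` schema and all function names are hypothetical, and `sqlite3` parameter binding is used here in place of the `sqlquote()` call the message mentions.

```python
import html
import re
import sqlite3
from urllib.parse import unquote

# Request line as quoted in the thread.
LOG_LINE = '202.78.158.138 sbih.org ... "GET /%22;drop%20table; HTTP/1.1"'

def requested_path(log_line):
    """Return the percent-decoded path from the quoted GET request."""
    match = re.search(r'"GET (\S+) HTTP/[\d.]+"', log_line)
    if match is None:
        raise ValueError("no GET request found in log line")
    return unquote(match.group(1))

def make_db():
    # Hypothetical schema for a URL-redirect table (an assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links (slug TEXT PRIMARY KEY, target TEXT)")
    return db

def store_link(db, slug, target):
    # Bound parameters: the driver passes slug as data, never as SQL text.
    db.execute("INSERT INTO links (slug, target) VALUES (?, ?)", (slug, target))

def find_link(db, slug):
    row = db.execute(
        "SELECT target FROM links WHERE slug = ?", (slug,)
    ).fetchone()
    return row[0] if row else None

def table_exists(db, name):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None

def not_found_page(slug):
    # HTML output is a different context: it needs HTML escaping,
    # which SQL quoting does not provide.
    return "<p>No link named " + html.escape(slug) + "</p>"

if __name__ == "__main__":
    path = requested_path(LOG_LINE)
    db = make_db()
    store_link(db, path, "http://example.com/")
    print(repr(path), find_link(db, path), table_exists(db, "links"))
    print(not_found_page(path))
```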
