On Tue, Dec 02, 2014 at 11:05:00AM -0800, Will Sargent wrote:
> Would "parse tree differential attack" overlap with this category as well?
>
> http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=6553401
Full text here? http://langsec.org/papers/langsec-tr.pdf

Almost certainly there is a large overlap there.

BTW, what do you & langsec think of this?

Using parse tree validation to prevent SQL injection attacks (2005)
http://citeseer.ist.psu.edu/viewdoc/summary?doi=10.1.1.120.9618

I'm not sure I'm comfortable with the solution since it involves making assumptions about how the database engine parses SQL. E.g. all the weird divergences... for example, some SQL engines treat Unicode half-quote as a quote.

My thinking is that any minor discrepancy in the PEP and the SQL engine is a parse tree differential.

Also I'm curious if one could simultaneously break out of one atom and into another, so that the parse tree has the same number of nodes and/or the same structure. My instincts tell me this is possible and useful, though not clear how or when. I would love some examples. That might even be a clever counter-countermeasure paper. If someone is so inclined, I'll happily review your drafts :-)

-- 
http://www.subspacefield.org/~travis/
Split a packed field and I am there; parse a line of text and you will find me.
_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
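Added example (not code from the post, nor from the 2005 paper it cites): a toy model of parse-tree validation and of the parse-tree differential the message worries about. One tokenizer plays both roles. The validator runs it with only the ASCII apostrophe as a string delimiter; the "engine" runs the same tokenizer but also accepts U+FF07 FULLWIDTH APOSTROPHE as a quote. That engine, the keyword set and the `build_query` concatenation pattern are assumptions made for illustration, not a description of any particular DBMS. Validation compares the token skeleton (literal values erased) of the instantiated query against the template filled with dummy values; a differential is a query the validator accepts whose skeleton the engine nevertheless sees differently.

```python
"""Toy parse-tree validation for SQL injection plus a validator/engine differential.

Added example, not from the original post. The tokenizer, KEYWORDS and the
hypothetical engine that treats U+FF07 as a quote are simplifying assumptions.
"""
import re
from typing import Dict, List, Sequence, Tuple

KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "INSERT", "INTO", "VALUES"}
ASCII_QUOTES = ("'",)
# Hypothetical engine (assumption): also accepts FULLWIDTH APOSTROPHE as a delimiter.
ENGINE_QUOTES = ("'", "\uff07")

Token = Tuple[str, str]  # (kind, text); kind is one of kw, ident, num, str, op


def tokenize(sql: str, quote_chars: Sequence[str] = ASCII_QUOTES) -> List[Token]:
    """Flatten a statement into tokens; a quoted literal becomes one 'str' token."""
    tokens: List[Token] = []
    i, n = 0, len(sql)
    while i < n:
        c = sql[i]
        if c.isspace():
            i += 1
        elif sql.startswith("--", i):
            break  # line comment swallows the rest of the statement
        elif c in quote_chars:
            j, buf = i + 1, []
            while j < n:
                if sql[j] in quote_chars:
                    if j + 1 < n and sql[j + 1] == sql[j]:  # doubled quote is an escaped quote
                        buf.append(sql[j])
                        j += 2
                        continue
                    break
                buf.append(sql[j])
                j += 1
            else:
                raise ValueError("unterminated string literal")
            tokens.append(("str", "".join(buf)))
            i = j + 1
        elif c.isdigit():
            m = re.match(r"\d+", sql[i:])
            tokens.append(("num", m.group()))
            i += len(m.group())
        elif c.isalpha() or c == "_":
            m = re.match(r"[^\W\d]\w*", sql[i:])
            word = m.group()
            tokens.append(("kw", word.upper()) if word.upper() in KEYWORDS else ("ident", word))
            i += len(word)
        else:
            tokens.append(("op", c))  # single-character operator or punctuation
            i += 1
    return tokens


def shape(tokens: List[Token]) -> Tuple[Token, ...]:
    """Structural skeleton: literal values are erased, everything else is kept."""
    return tuple((k, "" if k in ("str", "num") else t) for k, t in tokens)


def build_query(template: str, values: Sequence[str]) -> str:
    """The vulnerable pattern: each '?' replaced by a naively quoted, unescaped value."""
    parts = template.split("?")
    assert len(parts) == len(values) + 1, "placeholder count mismatch"
    out = parts[0]
    for v, tail in zip(values, parts[1:]):
        out += "'" + v + "'" + tail
    return out


def same_shape(template: str, values: Sequence[str],
               quote_chars: Sequence[str] = ASCII_QUOTES) -> bool:
    """Parse-tree validation: the instantiated query must have the same skeleton
    as the template filled with harmless dummy values, under the given lexer rules."""
    query = build_query(template, values)
    reference = build_query(template, ["x"] * len(values))
    try:
        return shape(tokenize(query, quote_chars)) == shape(tokenize(reference, quote_chars))
    except ValueError:  # lexer error: a real engine would reject this too
        return False


def check_case(template: str, value: str) -> Tuple[bool, bool]:
    """(validator accepts, engine still sees the intended structure).
    (True, False) is a parse-tree differential: the guard passes the query and the
    engine executes something with a different structure."""
    return same_shape(template, [value]), same_shape(template, [value], ENGINE_QUOTES)


CASES = {  # constructed inputs
    "benign": "alice",
    "classic": "' OR '1'='1",
    "differential": "\uff07 OR 1=1 --",  # fullwidth apostrophe ends the literal for the engine only
}


def run_cases(template: str = "SELECT * FROM users WHERE name = ?") -> Dict[str, Tuple[bool, bool]]:
    return {name: check_case(template, value) for name, value in CASES.items()}


if __name__ == "__main__":
    for name, (accepted, intact) in run_cases().items():
        print(f"{name:13s} validator={'pass' if accepted else 'REJECT'} "
              f"engine_structure={'intact' if intact else 'CHANGED'}")
        if accepted and not intact:
            q = build_query("SELECT * FROM users WHERE name = ?", [CASES[name]])
            print("   engine tokens:", tokenize(q, ENGINE_QUOTES))
```

The classic `' OR '1'='1` is caught because it adds tokens to the skeleton. The third case passes the validator unchanged (the fullwidth character is just text inside one literal to an ASCII-only lexer) while the modelled engine closes the literal at U+FF07 and then sees `OR 1=1`, with the trailing `--` hiding the leftover quote. Any such lexical disagreement between the validating front end and the engine reopens the hole the validator was meant to close, which is why the check only holds when the validator's grammar is the engine's grammar.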