-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just adding a data point: Google (http://www.google.com/search?q=inurl%3Adeclare+&meta=lr%3D%26hl%3Den&btnG=Google+Search) shows about 290K URLs with declare in them (vs. 20B with www in them). That seems like a pretty small percentage to me. - -David
McClinton, Rick wrote: | Hi list, I was reading about the recent round of sql injection attacks | at http://www.f-secure.com/weblog/archives/00001427.html. Their SQL code | snippet does not match any of the strings in rule 31103 as its content | is obfuscated, but it starts off with 'declare'. I've decided to | overwrite 31103 with a local_rule to add 'declare' to the list. I am | not a web developer, but it seems to me that 'declare' isn't too likely | to be used an a URI. Are there any web developers who could comment? | | I'd like to nominate 'declare' to be added to the official rule, as well. | | thanks | Rick | | ps sorry about the disclaimer | | | This message contains TMA Resources confidential information and is | intended only for the individual named. If you are not the named | addressee you should not disseminate, distribute or copy this e-mail. | Please notify the sender immediately by e-mail if you have received this | e-mail by mistake and delete this e-mail from your system. E-mail | transmission cannot be guaranteed to be secure or error-free as | information could be intercepted, corrupted, lost, destroyed, arrive | late or incomplete, or contain viruses. The sender therefore does not | accept liability for any errors or omissions in the contents of this | message which arise as a result of e-mail transmission. If verification | is required please request a hard-copy version. - -- _______________________________________________ GPG (http://www.gnupg.org/) key available from: http://www.kayakero.net/per/david/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFILI2YCzuSgviBh00RAgSgAJ9PDwUNAlY+bSjZLkiLmW0i5BW8pwCfUNly AWEt7EnvUlRioUTkvNyzfvc= =Ckoi -----END PGP SIGNATURE-----
