=> -----Original Message-----
=> From: [EMAIL PROTECTED] 
=> [mailto:[EMAIL PROTECTED] On Behalf Of Ed Leafe
=> Sent: Thursday, August 24, 2006 14:59
=> To: ProFox Email List
=> Subject: Re: ProfoxTech Digest, Vol 39, Issue 93
=> 
=> On Aug 24, 2006, at 2:37 PM, [EMAIL PROTECTED] wrote:
=> 
=> > The hacker breaks into the system by injecting malformed SQL into the
=> > query. This particular hack works because the executed query is formed
=> > by the concatenation of a fixed string and values entered by the user,
=> > as shown here:
=> 
=>      Bzzzzzt!!
=> 
=>      Anyone who blindly enters uncontrolled values into a SQL command
=> is a complete moron. That form of injection was known and handled
=> about a decade ago, when web pages were first used with databases.
=> 
=> -- Ed Leafe

Who said "Two most plentiful things on Earth are nitrogen and stupidity."?  

You are correct, sir. (To paraphrase a M$ ad)

HALinNY


_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.