On Thu, Apr 16, 2009 at 2:05 PM, Paul Hill <[email protected]> wrote: > On Thu, Apr 16, 2009 at 7:56 PM, Stephen Russell <[email protected]> > wrote:
> > I've mentioned this webpage before: > > http://www.sommarskog.se/ > > In particular 'The curse and blessings of dynamic SQL'. Well worth a read. > > I remember working on VB6 app years ago where you could inject your > own SQL code into the username field on the login screen. It was an > internal GUI app so unlikely to be hacked, but it's was great > introduction to injection. ----------------------- ' Go drop table users Go Bad Steve! -- Stephen Russell Sr. Production Systems Programmer Web and Windows Development Independent Contractor Memphis TN 901.246-0159 _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
