On Mon, Nov 29, 2010 at 01:44:33PM -0500, Paul Smith wrote:
> On Mon, 2010-11-29 at 19:34 +0100, Sylvain Beucler wrote:
> > What I know is there's been a SQL injection leading to illegitimate
> > membership access
>
> Oh blerg. The prevalence of these types of very simple (to avoid and to
> fix) mistakes even on technical sites makes me despair.
I spent several weeks patching hundreds of DB queries to attempt to get rid of them. That's not so easy because apparently I managed to miss a couple. Sure, it's easy to avoid when you rewrite from scratch, but we're talking about legacy code whose rewrite is not finished yet.

-- 
Sylvain
