Kenneth Downs wrote:
Many things are a waste of the cracker's time, but they do them anyway. So counting on the result not being worth the time of the cracker is wishful thinking. :-)
Even if one has full cell level security in the DB, I expect there are still denial of service injection attacks that may not access any cells at all. I'll leave it to the SQL experts to devise the nastiest, exponential time problems they can express in SQL. Brownie points for doing it in pure SQL without any vendor extensions. :-)
-- Elliotte Rusty Harold