Hi!

On 11-07-05 4:57 PM, "Jack Hsu" <[email protected]> wrote:

> In BioMart we do clean all user input, so SQL injection would be impossible against the system.

Just to add: this is for BioMart 0.8. BioMart 0.7 should be safe against SQL injection too, but I would not vouch that there is absolutely no case in which SQL injection is possible.

Bob, you are right when you say that a user can achieve very little with SQL injection in BioMart. The BioMart user can typically not write to the database (drop tables/databases) and you can also set it up so that the BioMart user cannot see other databases with potentially sensitive data (depending on the database you use).

Joachim
