* AqD peremptorily fired off this memo:
> On May 16, 8:21 pm, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx>
>>
>> http://www.pcworld.com/businesscenter/article/145953/after_treasure_h...
>>
>> SQL injection attack in 'third wave,' says IBM
>
> Ask any senior web programmer and he would tell you SQL injection is a
> flaw in the website code - NOT THE BROWSER OR WEB SERVER.

You might want to

    Please help improve this article by adding citations to reliable
    sources.

for

    http://en.wikipedia.org/wiki/SQL_injection

which says

    SQL injection is a technique that exploits a security vulnerability
    occurring in the database layer of an application. The vulnerability
    is present when user input is either incorrectly filtered for string
    literal escape characters embedded in SQL statements or user input is
    not strongly typed and thereby unexpectedly executed. It is in fact
    an instance of a more general class of vulnerabilities that can occur
    whenever one programming or scripting language is embedded inside
    another.

Then continue on a bit later:

    On some SQL servers such as MS SQL Server any valid SQL command may
    be injected via this method, including the execution of multiple
    statements.
    . . .
    Other SQL implementations won't execute multiple commands in the same
    SQL query as a security measure. This prevents crackers from
    injecting entirely separate queries, but doesn't stop them from
    modifying queries.

In other words, Microsoft did an unwise thing in their implementation.

> The author of the article is an idiot. But since you're a linux user
> and you post it here, I must admit the quality of linux users really
> has degraded considerably over the years.
Of course they have. That's because Linux is getting ever more popular.
Soon we may have as many idiots running Linux as we have running
Windows!
> Ask yourself, Is it really good to advocate linux to those common PC
> users, who have no idea how real things work and have no interest to
> know, and would just talk nonsense instead of trying to find the truth
> whenever they see a problem?
P.K.B.
--
In this business, by the time you realize you're in trouble, it's too late
to save yourself. Unless you're running scared all the time, you're gone.
-- Bill Gates