____/ Chris Ahlstrom on Tuesday 11 August 2009 11:31 : \____
> After takin' a swig o' grog, Roy Schestowitz belched out
> this bit o' wisdom:
>
>> ____/ Lusotec on Tuesday 11 August 2009 08:38 : \____
>>
>>> Roy Schestowitz wrote:
>>>> MoD website outflanked by XSS flaws
>>>>
>>>> http://www.theregister.co.uk/2009/08/10/mod_xss_vulns/
>>>>
>>>> It's a Windows shop.
>>>
>>> XSS security vulnerabilities are in the scripts driving the site. XSS (and
>>> also SQL injections) vulnerabilities are the result of coding flaws in the
>>> script where the inputs are not properly checked and sanitized. The OS and
>>> web server have nothing to do with it.
>>
>> I've read somewhere that a good database can prevent this too, at a lower
>> level. In the context of Windows servers, this was stated as well.
>
> Where?
Glyn Moody. You could detect overrunning buffers for instance.
- --
~~ Best of wishes
I also know a toilet that has "Austria Email" written on it. That is
probably a kind of pneumatic tube mail. -- Robert Bihlmeyer in at.sonstiges
http://Schestowitz.com | Free as in Free Beer | PGP-Key: 0x74572E8E
Cpu(s): 22.6%us, 5.0%sy, 0.1%ni, 70.6%id, 1.3%wa, 0.0%hi, 0.4%si, 0.0%st
http://iuron.com - semantic engine to gather information
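The coding flaw Lusotec describes, shown as an added example that is not from anyone in the thread: a vulnerable handler beside its hardened form, for XSS (unencoded HTML output) and for SQL injection (string-built queries), run offline on constructed inputs and an in-memory SQLite table.

```python
import html
import sqlite3

# Constructed sample inputs standing in for untrusted request parameters.
XSS_INPUT = "<script>alert(1)</script>"
NAME_INPUT = "O'Brien"  # an ordinary value that happens to contain SQL syntax

def render_greeting_unsafe(name):
    """Vulnerable: untrusted text is concatenated straight into the HTML."""
    return "<p>Hello, " + name + "</p>"

def render_greeting_safe(name):
    """Hardened: the value is HTML-encoded, so any markup in it stays inert text."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

def demo_db():
    """Constructed users table so the lookups have something to return."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.invalid"),
                      ("O'Brien", "obrien@example.invalid")])
    return conn

def lookup_user_unsafe(conn, name):
    """Vulnerable: the value is spliced into the SQL text, so it can alter the query."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_user_safe(conn, name):
    """Hardened: a bound parameter is always treated as data, never as SQL."""
    return [row[0] for row in conn.execute("SELECT email FROM users WHERE name = ?", (name,))]

def compare():
    """Run both variants on the constructed inputs and report what happens."""
    conn = demo_db()
    try:
        unsafe_rows, unsafe_error = lookup_user_unsafe(conn, NAME_INPUT), False
    except sqlite3.OperationalError:  # the quote in the input reached the SQL parser
        unsafe_rows, unsafe_error = None, True
    return {
        "xss_unsafe_has_tag": "<script>" in render_greeting_unsafe(XSS_INPUT),
        "xss_safe_has_tag": "<script>" in render_greeting_safe(XSS_INPUT),
        "sqli_unsafe_error": unsafe_error,
        "sqli_unsafe_rows": unsafe_rows,
        "sqli_safe_rows": lookup_user_safe(conn, NAME_INPUT),
    }
```

The syntax error from the unsafe lookup is the tell-tale sign that user input is reaching the SQL parser; the hardened lookup returns the matching row regardless of what characters the name contains.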