Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] [Rival] MoD Runs Windows, Gets Cracked

Hash: SHA1

____/ Lusotec on Wednesday 12 August 2009 09:46 : \____

> Roy Schestowitz wrote:
>> Lusotec wrote:
>>> XSS security vulnerabilities are in the scripts driving the site. XSS
>>> (and also SQL injections) vulnerabilities are the result of coding flaws
>>> in the script where the inputs are not properly checked and sanitized.
>>> The OS and web server has nothing to do with it.
>> I've read somewhere that a good database can prevent this too, at a lower
>> level. In the context of Windows servers, this was states as well.

> I have no knowledge of any SQL server that has any *active* protection
> against SQL injection in their standard configuration.
> Some SQL DB servers provide things like stored procedures and parametrized
> queries that allow the developers to avoid SQL injections vulnerabilities
> but these have to be *correctly* used by the developer to have any positive
> effect.
> There are automated protections against SQL injections that work as a filter
> in front of the server and only pass to the server SQL queries that are
> considered safe. This approach as its disadvantages but with all the crappy
> scripts (and developers) out there it may just be what the doctor ordered.
> Regards.

Will these stored procedures permit an intruder to gain control over the

- -- 
                ~~ Best of wishes

Roy S. Schestowitz      |    "ASCII stupid question, get a stupid ANSI"
http://Schestowitz.com  |  Open Prospects   |     PGP-Key: 0x74572E8E
Tasks: 140 total,   1 running, 139 sleeping,   0 stopped,   0 zombie
      http://iuron.com - knowledge engine, not a search engine
Version: GnuPG v1.4.9 (GNU/Linux)


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index