Обсуждение: Little Bobby Tables visits MySQL.com

Поиск
Список
Период
Сортировка

Little Bobby Tables visits MySQL.com

От
Joshua Berkus
Дата:
All,

Apparently Oracle didn't see fit to activate MySQL's own anti-SQL-injection features on their own site:

http://blog.sucuri.net/2011/03/mysql-com-compromised.html

(wanna bet the site is running 4.1 or something?)

Let that be a lesson to you: sanitize your SQL inputs!

--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
San Francisco

--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
San Francisco

Re: Little Bobby Tables visits MySQL.com

От
Adrian Klaver
Дата:
On 03/28/2011 09:40 AM, Joshua Berkus wrote:
> All,
>
> Apparently Oracle didn't see fit to activate MySQL's own anti-SQL-injection features on their own site:
>
> http://blog.sucuri.net/2011/03/mysql-com-compromised.html
>
> (wanna bet the site is running 4.1 or something?)
>
> Let that be a lesson to you: sanitize your SQL inputs!
>

Ouch!

--
Adrian Klaver
adrian.klaver@gmail.com