[CentOS] Firefox Issue
John R Pierce
pierce at hogranch.com
Thu Jan 5 22:44:19 UTC 2017
On 1/5/2017 2:23 PM, Always Learning wrote:
> SQL injection attempts, made by suffixing usually very long strings of
> SQL coding to valid parameters such as domain.com/info.php?aaaa=12345,
> has been popular with the Russians for at least the last few years.
SQL Injection is a server side issue, not a browser issue.
> The only method of preventing it compromising a site is to test the
> acceptable maximum length of the parameter (in this example '12345') and
> if exceeded block the IP address in iptables.
no, the proper method of preventing it is not checking the length of the
parameter, rather, its ensuring you don't construct SQL queries out of
arbitrary URL input without proper parameter substitution techniques
such as passing parameters by value rather than string substitution, or
using the appropriate string escaping techniques for your database API..
--
john r pierce, recycling bits in santa cruz
More information about the CentOS
mailing list