[CentOS] Firefox Issue

Thu Jan 5 22:44:19 UTC 2017
John R Pierce <pierce at hogranch.com>

On 1/5/2017 2:23 PM, Always Learning wrote:
> SQL injection attempts, made by suffixing usually very long strings of
> SQL coding to valid parameters such as domain.com/info.php?aaaa=12345,
> has been popular with the Russians for at least the last few years.

SQL Injection is a server side issue, not a browser issue.

> The only method of preventing it compromising a site is to test the
> acceptable maximum length of the parameter (in this example '12345') and
> if exceeded block the IP address in iptables.

no, the proper method of preventing it is not checking the length of the 
parameter, rather, its ensuring you don't construct SQL queries out of 
arbitrary URL input without proper parameter substitution techniques 
such as passing parameters by value rather than string substitution, or 
using the appropriate string escaping techniques for your database API..

john r pierce, recycling bits in santa cruz