[PLUG] SQL insertion attacks
Paul Heinlein
heinlein at attbi.com
Wed Oct 30 17:07:31 UTC 2002
On Wed, 30 Oct 2002, Rich Shepard wrote:
> This brings me to my question: is this exploit possible on _all_ web
> servers or is it brand (or database) specific? That is, are apache
> servers with mySQL or postgres backends susceptible to this attack?
It all depends on the code used to interface between Apache and the
RDBMS. If the code does the proper bounds checking, character
escaping, etc., then everything is fine. If the code accepts remote
input without strict checks, then all sorts of mischief is possible.
--Paul Heinlein <heinlein at attbi.com>
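An added example, not part of the original post: the same lookup written twice against one database, showing that the outcome depends on the interface code rather than on the web server or RDBMS brand. It assumes Python's `sqlite3` with an in-memory database standing in for MySQL or PostgreSQL; the table, function names and sample input are hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; in-memory SQLite stands in for the RDBMS."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.org"), ("bob", "bob@example.org")])
    return db

def lookup_unchecked(db, name):
    """Interface code that pastes remote input straight into the SQL text."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    """Same query with a length check and the input passed as a bound parameter."""
    if not isinstance(name, str) or not 0 < len(name) <= 32:
        raise ValueError("name fails length check")
    # The driver sends the value separately from the statement, so quote
    # characters in the input are data, never SQL syntax.
    return [row[0] for row in db.execute(
        "SELECT email FROM users WHERE name = ?", (name,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    print("unchecked, normal :", lookup_unchecked(db, "alice"))
    print("unchecked, crafted:", lookup_unchecked(db, crafted))  # every row
    print("bound, crafted    :", lookup_bound(db, crafted))      # no rows
```

The database engine is identical in both calls; only the function that builds the query differs.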