[PLUG] SQL insertion attacks
Rich Shepard
rshepard at appl-ecosys.com
Wed Oct 30 19:07:06 UTC 2002
On Wed, 30 Oct 2002, Bear Giles wrote:

> This is easy to fix in most cases, e.g., if you collect information on
> a web page that will be echoed to a web page, replace ' with ' and
> " with "... and also replace <, > and & to prevent abusive HTML.

Thanks, Bear. I understood conceptually how it might work but your
explanation was right on target.

> But many sites don't bother.

So? What else is new? Isn't that why there are so many open relays and
other irritants on the 'Net?

Rich