Little note to php coders

Started by Sir Mordred The Traitor, over 23 years ago, 5 messages
#1 Sir Mordred The Traitor
mordred@s-mail.com

Check out this link, if you need something to laugh at:
http://www.postgresql.org/idocs/index.php?1'

Keeping in mind that there are a bunch of overflows in PostgreSQL (really?),
it is very dangerous, I guess. Right?

________________________________________________________________________
This letter has been delivered unencrypted. We'd like to remind you that
the full protection of e-mail correspondence is provided by S-mail
encryption mechanisms if only both, Sender and Recipient use S-mail.
Register at S-mail.com: http://www.s-mail.com

#2 Nigel J. Andrews
nandrews@investsystems.co.uk
In reply to: Sir Mordred The Traitor (#1)
Re: Little note to php coders

On Tue, 8 Oct 2002, Sir Mordred The Traitor wrote:

> Check out this link, if you need something to laugh at:
> http://www.postgresql.org/idocs/index.php?1'
>
> Keeping in mind that there are a bunch of overflows in PostgreSQL (really?),
> it is very dangerous, I guess. Right?

I'm not sure what list this really fits onto so I've left as hackers.

The old argument about data validation and whose job it is. However, is there a
reason why all CGI parameters aren't scanned and rejected if they contain
any punctuation? I was going to say if they contain anything non-alphanumeric,
but then I'm not sure about internationalisation and that test.

--
Nigel J. Andrews

#3 Vince Vielhaber
vev@michvhf.com
In reply to: Sir Mordred The Traitor (#1)
Re: Little note to php coders

On Tue, 8 Oct 2002, Sir Mordred The Traitor wrote:

> Check out this link, if you need something to laugh at:
> http://www.postgresql.org/idocs/index.php?1'
>
> Keeping in mind that there are a bunch of overflows in PostgreSQL (really?),
> it is very dangerous, I guess. Right?

Don't see what you're complaining about. I get the 7.2.1 admin guide.

Vince.
--
Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net

#4 Sir Mordred The Traitor
mordred@s-mail.com
In reply to: Vince Vielhaber (#3)
Re: Little note to php coders

Nice. That little, cute admin :-).
This is already fixed, and where is 'thanks', I wonder?
I've been talking about SQL injection.

How about that in http://www.postgresql.org/mirrors/index.php:
-------
Warning: PostgreSQL query failed: ERROR: invalid INET value 'r'
in /usr/local/www/www/mirrors/index.php on line 263
Database update failed, contact the webmaster.

insert into mirrorsites(mirrorhostid,ipaddr,portnum,...) values(..)
------
Insert statement is shortened.


#5 Robert Treat
xzilla@users.sourceforge.net
In reply to: Nigel J. Andrews (#2)
Re: Little note to php coders

This is one of the reasons I usually recommend running with magic quotes
on; it provides a bit of insurance for those spots where your data
validation is not up to snuff.

Robert Treat


On Tue, 2002-10-08 at 06:11, Nigel J. Andrews wrote:

> On Tue, 8 Oct 2002, Sir Mordred The Traitor wrote:
>
> > Check out this link, if you need something to laugh at:
> > http://www.postgresql.org/idocs/index.php?1'
> >
> > Keeping in mind that there are a bunch of overflows in PostgreSQL (really?),
> > it is very dangerous, I guess. Right?
>
> I'm not sure what list this really fits onto so I've left as hackers.
>
> The old argument about data validation and whose job it is. However, is there a
> reason why all CGI parameters aren't scanned and rejected if they contain
> any punctuation? I was going to say if they contain anything non-alphanumeric,
> but then I'm not sure about internationalisation and that test.
>
> --
> Nigel J. Andrews
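
The coding pattern behind the mirrors/index.php error shown in #4, next to the hardened form that makes the magic-quotes insurance suggested in #5 unnecessary, as an added example that is not code from postgresql.org or from anyone in this thread. Only the table and column names come from the quoted insert statement; the function names, the request keys and the validation rules are assumptions, and it targets modern PHP with the pgsql extension.

```php
<?php
// Added example; not the postgresql.org mirrors/index.php code.
// Table and columns follow the insert statement quoted in the thread;
// everything else here is assumed.

// Validate the shape of each request value before it goes anywhere near SQL.
// Returns the cleaned values, or null when any of them is not what a mirror
// registration should contain (this is where "r'" from the thread is rejected).
function validate_mirror_input(array $get): ?array {
    $hostid = filter_var($get['hostid'] ?? '', FILTER_VALIDATE_INT);
    $port   = filter_var($get['port'] ?? '', FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    $ipaddr = filter_var($get['ipaddr'] ?? '', FILTER_VALIDATE_IP);
    if ($hostid === false || $port === false || $ipaddr === false) {
        return null;
    }
    return ['hostid' => $hostid, 'ipaddr' => $ipaddr, 'port' => $port];
}

// The pattern that produces "invalid INET value 'r'": request parameters are
// pasted into the SQL text, so the server parses whatever the client sent,
// quotes included, and the resulting error reveals the query to the visitor.
function insert_mirror_unsafe($conn, array $get) {
    $sql = "insert into mirrorsites(mirrorhostid, ipaddr, portnum) values("
         . $get['hostid'] . ", '" . $get['ipaddr'] . "', " . $get['port'] . ")";
    return pg_query($conn, $sql);
}

// Hardened form: reject malformed input first, then send the values separately
// from the SQL text with pg_query_params(), so client data is never parsed as
// SQL no matter what magic_quotes_gpc is set to.
function insert_mirror_safe($conn, array $get) {
    $in = validate_mirror_input($get);
    if ($in === null) {
        return false;   // the caller shows a generic message, not the DB error
    }
    $sql = 'insert into mirrorsites(mirrorhostid, ipaddr, portnum) values($1, $2, $3)';
    return pg_query_params($conn, $sql, [$in['hostid'], $in['ipaddr'], $in['port']]);
}

// Constructed requests: a valid registration and the stray quote from the thread.
var_dump(validate_mirror_input(['hostid' => '7', 'ipaddr' => '192.0.2.10', 'port' => '80']));
var_dump(validate_mirror_input(['hostid' => '7', 'ipaddr' => "r'", 'port' => '80']));
```

The second call returns NULL before any query is built; with a live connection, insert_mirror_safe() would stop at the same point instead of surfacing a server-side error to the page.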
