Re: SQL injection scheme

From: Aron Roberts <aron_at_socrates.berkeley.edu>
Date: Tue Apr 04 2006 - 10:38:09 PDT

On Tue, April 4, 2006 10:25, David Kalins wrote:
> Folks -- A few weeks ago at our security SIG meeting, a simple and
> cleverly nasty little trick was demonstrated to crack into common MySQL
> applications. Does anyone recall exactly how that was done?

  This is not specific to the technique(s) shown at the recent security
SIG meeting, but typing 'sql injection' into any major Internet search
engine will uncover a large number of tutorials.

  This looks like one good introduction to the topic:

  "Steve Friedl's Unixwiz.net Tech Tips
  SQL Injection Attacks by Example"
  http://www.unixwiz.net/techtips/sql-injection.html

and its recommendations seem to be in accord with those seen in other
articles, including those in this Microsoft developer magazine article
<http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/>.

Aron Roberts
Workstation Software Support Group

Received on Tue Apr 4 10:41:47 2006
