Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

Lazy sanitizing of data for SQL queries

From: HarryM <harrym(at)the-group.org>
Date: Fri Jan 24 2003 - 14:09:56 EST

I was just thinking about this - Perhaps a good way of lazily sanitising data to be inserted into an SQL query would be to Base64 encode it? You could then decode it before displaying it to the user. Obviously this doesn't prevent XSS attacks, and it would slightly increase the size of the data being stored, but aside from that... Can anyone see a problem with this idea?

HarryM Received on Fri Jan 24 15:08:08 2003

This message: [ Message body ]
Next message: Sverre H. Huseby: "Re: Lazy sanitizing of data for SQL queries"
Previous message: Steven M. Christey: "Re: New Web Vulnerability - Cross-Site Tracing"
Next in thread: Sverre H. Huseby: "Re: Lazy sanitizing of data for SQL queries"
Reply: Sverre H. Huseby: "Re: Lazy sanitizing of data for SQL queries"
Reply: Brass, Phil (ISS Atlanta): "RE: Lazy sanitizing of data for SQL queries"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:47 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library