
Re: Lazy sanitizing of data for SQL queries

From: HarryM <harrym(at)the-group.org>
Date: Fri Jan 24 2003 - 23:21:47 EST

I'm currently using this idea only for one application, and it's working well - but the fields I'm base64ing are never searched on or sorted, they're only ever displayed.

As I mentioned in a previous email (which doesn't seem to have gotten through yet), this clearly isn't a solution for anything complex. My initial post was intended more to ask if anyone could think of a specific security problem with using base64 in and of itself, as opposed to the wider viability of the idea, but I didn't really make that clear, so... my bad.

Thanks for all the responses, though!

Harry

----- Original Message -----
From: "Lawrence, Gabriel" <glawrence@ucsd.edu>
To: "Sverre H. Huseby" <shh@thathost.com>; "HarryM" <harrym@the-group.org>
Cc: <webappsec@securityfocus.com>
Sent: Friday, January 24, 2003 9:30 PM
Subject: RE: Lazy sanitizing of data for SQL queries

> This may be an obvious one.... but, unless the db itself knew to unpack
Received on Fri Jan 24 23:56:23 2003
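
The trade-off discussed in this message, as an added example that is not part of the original post or the poster's application: a base64-encoded value can be concatenated into SQL text and decoded again for display, but the database can no longer sort or search it meaningfully. SQLite, the table and column names, and the sample names are assumptions made for the illustration.

```python
import base64
import sqlite3

# Constructed sample values; one contains a quote character.
NAMES = ["O'Brien", "Olsen", "alice"]
COLUMNS = ("plain", "encoded")  # column names cannot be bound, so allow-list them

def b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def build_db(names=NAMES):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (plain TEXT, encoded TEXT)")
    for name in names:
        # 'plain' goes in through a bound parameter. 'encoded' is concatenated
        # into the SQL text, as in the approach under discussion: the base64
        # alphabet (A-Z a-z 0-9 + / =) has no quote to end the string literal.
        db.execute(
            "INSERT INTO people (plain, encoded) VALUES (?, '" + b64(name) + "')",
            (name,),
        )
    return db

def displayed(db):
    """Decode the stored base64 for display (the display-only use case)."""
    rows = db.execute("SELECT encoded FROM people ORDER BY rowid")
    return [base64.b64decode(enc).decode("utf-8") for (enc,) in rows]

def sorted_by(db, column):
    """Names in the order the database gives when sorting on `column`."""
    if column not in COLUMNS:
        raise ValueError(column)
    return [r[0] for r in db.execute(f"SELECT plain FROM people ORDER BY {column}")]

def search(db, column, fragment):
    """Substring search performed by the database on `column`."""
    if column not in COLUMNS:
        raise ValueError(column)
    sql = f"SELECT plain FROM people WHERE {column} LIKE '%' || ? || '%'"
    return [r[0] for r in db.execute(sql, (fragment,))]

if __name__ == "__main__":
    db = build_db()
    print("display:", displayed(db))
    print("sort   :", sorted_by(db, "plain"), "vs", sorted_by(db, "encoded"))
    print("search :", search(db, "plain", "Brien"), "vs", search(db, "encoded", "Brien"))
```

The bound-parameter column keeps both sorting and searching intact with no encoding step, which is why the encoded column only suits display-only fields.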

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:48 EDT

