Hosting Provided By

Re: Paper of insecure in PHP... and doubt in SQL-Injection

From: Kevin Spett <kspett(at)spidynamics.com>
Date: Thu Feb 20 2003 - 11:03:02 EST

The best paper on PHP security in general that I've seen is _A Study In Scarlet_ (http://www.securereality.com.au/studyinscarlet.txt)

For general SQL injection instruction, I recommend my paper (http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf) and the NGS paper written by Chris Anley
(www.nextgenss.com/papers/advanced_sql_injection.pdf ).

I think the requested properties error message indicates that the database driver does not know how to handle the kind of result that the database server returned. This can be a problem when mixing driver and database server vendors. I don't know how to get around it offhand. Perhaps someone with more ADO experience can offer some ideas or clarifications.

Kevin Spett
SPI Labs
http://www.spidynamics.com/

Original Message ----- From: <sekure@hadrion.com.br> To: <webappsec@securityfocus.com> Sent: Thursday, February 20, 2003 8:52 AM Subject: Paper of insecure in PHP... and doubt in SQL-Injection

> Hi,
>
> I'm searching a good paper or collection of papers that describe
Received on Thu Feb 20 11:32:05 2003

This message: [ Message body ]
Next message: Emanuele Rocca: "Re: Paper of insecure in PHP... and doubt in SQL-Injection"
Previous message: zeno: "Re: Paper of insecure in PHP... and doubt in SQL-Injection"
In reply to sekure(at)hadrion.com.br: "Paper of insecure in PHP... and doubt in SQL-Injection"
Next in thread: Emanuele Rocca: "Re: Paper of insecure in PHP... and doubt in SQL-Injection"
Reply: Emanuele Rocca: "Re: Paper of insecure in PHP... and doubt in SQL-Injection"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:49 EDT