Freitag, 18. April 2008, 1:37 Uhr

Wie man garantiert keine sichere Web-Applikation entwickelt

Können Web-Entwickler eigentlich noch dümmer werden? Es besteht zu befürchten …

The unfortunate developers executed several critical errors in establishing the site. First, they allowed a database with sensitive content to face the outside Internet. Second, they allowed queries from the website to access any of the information in that database. Third, they placed the SQL queries required to extract information inside GET requests from the browser (most easily recognised as the part of the URL after the question mark(?) if it is there). Finally, and possibly most critically, they did not perform any filtering of the anonymous GET requests, happily executing the SQL requests and returning the results.

Quelle: SQL string in URL exposes sex offender data

Labels: IT, Web

Kommentar erfassen