WebApp Sec mailing list archives
Re: SQL Injection Basics
From: "Jim McGarvey" <mcga0031 () umn edu>
Date: Wed, 12 Feb 2003 00:41:10 -0800
Mark C., thanks for the info and links. The Filters Project looks very promising. I'd like to try it out when it gets released.

David and Mark M., my mistake: as you've said, that code was not vulnerable to SQL injection as I had first thought, and just needed a minor correction.

Thanks,
-Jim

----- Original Message -----
From: "Mark Curphey" <mark () curphey com>
To: "Jim McGarvey" <mcga0031 () umn edu>
Cc: <webappsec () securityfocus com>
Sent: Tuesday, February 11, 2003 8:29 PM
Subject: Re: SQL Injection Basics
Jim,

The OWASP web site is in a bad way; mainly because we (well David Raphael) have been building out the long term site, a Java based portal which will dynamically build the site with the latest code and documentation (all driven through DocBook). It's just not worth maintaining the html version of the site as this will come on-line very shortly. Our apologies for that but this will be better all around in the long term.

You can look at the CVS code for Filters via Web CVS at
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/owasp/filters/

The next version of the OWASP Guide is being baked and there are code examples in the brew. This is draft and DocBook but Appb.xml and Appc.xml may be of interest.
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/owasp/guide/

The DocBook for Alex's presentation about Filters is also in the Filters mailing list archives at
http://sourceforge.net/mailarchive/forum.php?thread_id=1565817&forum_id=12809

Cheers
Mark