WebApp Sec mailing list archives
RE: Lazy sanitizing of data for SQL queries
From: "Lawrence, Gabriel" <glawrence () ucsd edu>
Date: Fri, 24 Jan 2003 13:30:50 -0800
This may be an obvious one.... but, unless the db itself knew to unpack it internally, you'd lose all the benefits of being in a database... Sorting would be funky, queries with any kind of string handling in them wouldn't work.... Seems a little like cutting off your nose...

-gabe

-----Original Message-----
From: Sverre H. Huseby [mailto:shh () thathost com]
Sent: Friday, January 24, 2003 12:31 PM
To: HarryM
Cc: webappsec () securityfocus com
Subject: Re: Lazy sanitizing of data for SQL queries

[HarryM]
| Perhaps a good way of lazily sanitising data to be inserted into
| an SQL query would be to Base64 encode it? [...] Can anyone see a
| problem with this idea?

Yes. What would you do for columns that were not textual?

Sverre.

--
shh () thathost com              Computer Geek?  Try my Nerd Quiz
http://shh.thathost.com/       http://nerdquiz.thathost.com/
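The two objections in this exchange (sorting and string queries stop working; non-textual columns break) can be seen directly by loading the same rows twice, once Base64-encoded and once through bound parameters, and running ORDER BY, LIKE and typeof() against each copy. The following is an added example written for this archive page, not code from any of the posters; it uses Python's standard sqlite3 module and an in-memory database, and the sample rows, table name and column names are constructed for the demonstration.

```python
import base64
import sqlite3

# Constructed sample input: name/age pairs as a web form might submit them.
# "O'Brien" carries the quote character that naive string concatenation chokes on.
SAMPLE_ROWS = [("alice", 30), ("Bob", 25), ("carol", 41), ("O'Brien", 35)]


def b64(s: str) -> str:
    """Base64-encode a text value the way the 'lazy sanitising' idea proposes."""
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


def unb64(s: str) -> str:
    """Decode a value read back from the Base64-loaded table."""
    return base64.b64decode(s).decode("utf-8")


def load_base64(rows):
    """Every value, including the age, is Base64-encoded before insertion.
    Concatenation is 'safe' here only because Base64 output never contains
    quotes; the database itself sees nothing but opaque text."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE people (name TEXT, age INTEGER)")
    for name, age in rows:
        con.execute(f"INSERT INTO people VALUES ('{b64(name)}', '{b64(str(age))}')")
    return con


def load_parameterized(rows):
    """The plain alternative: bound parameters. Values never become part of the
    SQL text, so quoting is irrelevant and the column types are preserved."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE people (name TEXT, age INTEGER)")
    con.executemany("INSERT INTO people VALUES (?, ?)", rows)
    return con


def names_sorted(con, decode):
    """Let the database sort, then decode so both copies are comparable."""
    order = [r[0] for r in con.execute("SELECT name FROM people ORDER BY name")]
    return [decode(n) for n in order]


def count_like(con, needle):
    """Substring search (parameterized) over whatever representation is stored."""
    (n,) = con.execute(
        "SELECT COUNT(*) FROM people WHERE name LIKE ?", (f"%{needle}%",)
    ).fetchone()
    return n


def age_storage_classes(con):
    """SQLite storage classes actually used for the INTEGER-declared column."""
    return sorted({r[0] for r in con.execute("SELECT typeof(age) FROM people")})


def compare_approaches(rows=SAMPLE_ROWS):
    enc = load_base64(rows)
    par = load_parameterized(rows)
    return {
        # ORDER BY sorts the encoded bytes, so 'carol' lands before 'alice'.
        "sort_base64": names_sorted(enc, unb64),
        "sort_params": names_sorted(par, lambda s: s),
        # LIKE '%rien%' cannot match inside Base64 text: a substring has no
        # fixed encoding, so the search silently finds nothing.
        "like_base64": count_like(enc, "rien"),
        "like_params": count_like(par, "rien"),
        # The non-textual column: the encoded age is stored as text, not integer.
        "age_type_base64": age_storage_classes(enc),
        "age_type_params": age_storage_classes(par),
    }


if __name__ == "__main__":
    for key, value in compare_approaches().items():
        print(f"{key}: {value}")
```

Run stand-alone, the script prints the two sort orders, the two LIKE counts and the storage classes side by side; the parameterized copy is the one where the name with the apostrophe is inserted, sorted and searched without any escaping at all.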
Current thread:
- Re: Lazy sanitizing of data for SQL queries Sverre H. Huseby (Jan 24)
- Re: Lazy sanitizing of data for SQL queries Sverre H. Huseby (Jan 24)
- <Possible follow-ups>
- RE: Lazy sanitizing of data for SQL queries Brass, Phil (ISS Atlanta) (Jan 24)
- RE: Lazy sanitizing of data for SQL queries Lawrence, Gabriel (Jan 24)