tech reporting: not so grate aktually

Aug 17, 2009 14:34

Er, what? SQL injection is a complicated technique these days?

Come on, it's in XKCD, for heaven's sake, it's not that bloody complicated...

(In other news, remind me never to use my credit card in the US again; if that many payment providers don't sanitize their database inputs, there is little hope for the web development world...)


Comments 4

thecapitalc August 18 2009, 06:25:23 UTC
Perhaps it's worth considering that most people who read XKCD also come from that self-selecting subset who don't think this technique is complicated?

...

just musing ;)

How's everything else?


necaris August 18 2009, 08:24:11 UTC
Well, sure, but it's among the most trivial of exploit techniques to protect against -- seriously, it's Database-Backed Software Development 101. If the people who are processing credit card payments aren't protecting against something so simple, then ... :-(

I will hopefully post about Other Things soon. This just caught my eye.


tyr_arcana August 18 2009, 12:19:46 UTC
From the wording of that article it sounds more like these were internal databases, not meant to be accessed from outside their offices/VPNs... still, they should have injection protection to guard against malicious employees, regardless.


necaris August 18 2009, 22:43:03 UTC
Unless the crackers managed to get in and start issuing raw queries to their DB server, there's no excuse for letting them inject arbitrary SQL :-)


