On 4/3/07, Bill Horne <bill at horne.net> wrote:

> 1. Create an SQL user with only Select permission, and use that for
> all web-generated queries.

Yes, and additionally, possibly make it a VIEW rather than an actual table entry. That way you limit the damage if someone finds another way in...

> 2. Filter SQL delimiters from all POST data

Again, this is bad practice. Never filter specific inputs. Always whitelist.

You could do more, but how secure do you really need it to be? You aren't storing SSNs I hope :-)

--
Kristian Hermansen
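The two recommendations in the reply above, put together as an added example (not code from the thread or its authors): a SELECT-only, view-restricted database handle is modelled with the sqlite3 authorizer hook, since SQLite has no user accounts to GRANT to, and the username is checked against an allowlist before it is bound as a query parameter. The schema, table and column names, and the allowlist pattern are constructed for the demo.

```python
import re
import sqlite3

# Constructed demo schema: the base table holds a column the web tier must never
# see; the view exposes only the two columns the web page actually needs.
SCHEMA = """
CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, ssn TEXT);
INSERT INTO members VALUES (1, 'alice', '000-00-0001');
INSERT INTO members VALUES (2, 'bob',   '000-00-0002');
CREATE VIEW member_directory AS SELECT id, username FROM members;
"""

# Allowlist: describe exactly what a valid username looks like; anything else is rejected.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")

def validate_username(raw):
    """Return raw if it matches the allowlist, otherwise raise ValueError."""
    if not isinstance(raw, str) or USERNAME_RE.fullmatch(raw) is None:
        raise ValueError("username rejected by allowlist")
    return raw

def _read_only_authorizer(action, arg1, arg2, dbname, trigger):
    """Stand-in for a SELECT-only database user: SELECT and column reads pass
    (except the sensitive base-table column); every write or DDL action is denied."""
    if action == sqlite3.SQLITE_READ:
        return sqlite3.SQLITE_DENY if (arg1, arg2) == ("members", "ssn") else sqlite3.SQLITE_OK
    return sqlite3.SQLITE_OK if action == sqlite3.SQLITE_SELECT else sqlite3.SQLITE_DENY

def open_web_connection():
    """Build the demo database with full rights, then lock the handle down to reads."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.set_authorizer(_read_only_authorizer)
    return conn

def lookup_member(conn, raw_username):
    """Validated input, bound as a query parameter, read through the view only."""
    name = validate_username(raw_username)
    return conn.execute(
        "SELECT id, username FROM member_directory WHERE username = ?", (name,)
    ).fetchone()

def statement_allowed(conn, sql):
    """True if the locked-down connection lets this statement compile and run."""
    try:
        conn.execute(sql)
        return True
    except sqlite3.Error:
        return False
```

With a real server the authorizer is replaced by a dedicated account that is granted SELECT on the view and nothing on the base table.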