Craig Norberg-Bohm
Posted: 07/13/2002, 6:55 PM
To all:
I am concerned about CC being vulnerable to injection hacks out of the box.
Anyone looking into protection coding around the login fields and the search
text fields?
For information on an injection hack, see: http://www.webmasterbase.com/article.php?pid=140&aid=794
I find that I can write a custom login to protect those fields, but the
search text fields aren't exposed in the search/grid events.
Craig

Alexey Alexapolsky
Posted: 07/15/2002, 5:35 AM
We've taken care of it.
E.g. all field content is escaped,
so that no one could inject sql into it.
--
Alex,
Support Engineer
CodeCharge Team
"Craig Norberg-Bohm" <cnb10@yahoo.com> wrote in message
news:agqlls$afn$1@news.codecharge.com...
> To all:
>
> I am concerned about CC being vulnerable to injection hacks out of the box.
> Anyone looking into protection coding around the login fields and the search
> text fields?
>
> For information on an injection hack, see:
> http://www.webmasterbase.com/article.php?pid=140&aid=794
>
> I find that I can write a custom login to protect those fields, but the
> search text fields aren't exposed in the search/grid events.
>
> Craig

Craig Norberg-Bohm
Posted: 07/24/2002, 6:41 PM
Thanks Alex,
I'll trial out some tests.
Let you know how it goes.
Craig
"Alexey Alexapolsky" <alexa@codecharge.com> wrote in message
news:agufio$lgn$2@news.codecharge.com...
> We've taken care of it.
> E.g. all field content is escaped,
> so that no one could inject sql into it.
>
> --
>
> Alex,
> Support Engineer
> CodeCharge Team
>
>
> "Craig Norberg-Bohm" <cnb10@yahoo.com> wrote in message
> news:agqlls$afn$1@news.codecharge.com...
> > To all:
> >
> > I am concerned about CC being vulnerable to injection hacks out of the box.
> > Anyone looking into protection coding around the login fields and the search
> > text fields?
> >
> > For information on an injection hack, see:
> > http://www.webmasterbase.com/article.php?pid=140&aid=794
> >
> > I find that I can write a custom login to protect those fields, but the
> > search text fields aren't exposed in the search/grid events.
> >
> > Craig
> >
> >
> >
>
>
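
Added example (not CodeCharge code and not written by anyone in this thread): a small test of the kind discussed above, run against an in-memory SQLite database. It builds a login query and a search query by plain concatenation, by quote-doubling (an assumption about what "escaped" means here), and by bound parameters; the tables, probe strings and function names are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: two users and two searchable items."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (login TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 's3cret'), ('o''brien', 'pw');
        CREATE TABLE items (title TEXT, hidden INTEGER);
        INSERT INTO items VALUES ('blue widget', 0), ('internal memo', 1);
    """)
    return conn

def escape_literal(value):
    """Quote-doubling: the escaping assumed here for a SQL string literal."""
    return value.replace("'", "''")

def login_ok(conn, login, password, mode):
    """True when the credentials match a row; mode is raw, escaped or param."""
    if mode == "param":
        sql, args = "SELECT COUNT(*) FROM users WHERE login=? AND password=?", (login, password)
    else:
        if mode == "escaped":
            login, password = escape_literal(login), escape_literal(password)
        sql, args = f"SELECT COUNT(*) FROM users WHERE login='{login}' AND password='{password}'", ()
    return conn.execute(sql, args).fetchone()[0] > 0

def search(conn, term, mode):
    """Titles of non-hidden items whose title contains the search text."""
    if mode == "param":
        sql, args = "SELECT title FROM items WHERE hidden=0 AND title LIKE ?", (f"%{term}%",)
    else:
        if mode == "escaped":
            term = escape_literal(term)
        sql, args = f"SELECT title FROM items WHERE hidden=0 AND title LIKE '%{term}%'", ()
    return [row[0] for row in conn.execute(sql, args)]

# Constructed probe values: field content containing quote and comment characters.
LOGIN_PROBE = "admin' --"
SEARCH_PROBE = "' OR hidden=1 --"

def audit(mode):
    """True when neither probe changes what the login or search query means."""
    conn = make_db()
    try:
        return not login_ok(conn, LOGIN_PROBE, "wrong", mode) and search(conn, SEARCH_PROBE, mode) == []
    except sqlite3.Error:
        return False  # field content broke the statement's syntax

if __name__ == "__main__":
    print({mode: audit(mode) for mode in ("raw", "escaped", "param")})
```

Quote-doubling passes here because SQLite string literals have no backslash escape and both fields are quoted strings; it does not cover numeric fields or databases that treat backslash as an escape character, which bound parameters handle regardless.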