
[_] Hack attempt

Tim Beadle tim.beadle at gmail.com
Tue Jul 29 12:04:33 BST 2008

On Tue, Jul 29, 2008 at 12:01 PM, Oliver Humpage <oliver at watershed.co.uk> wrote:
>> http://blogs.iis.net/nazim/archive/2008/04/28/filtering-sql-injection-from-classic-asp.aspx
>
> That appears to take the extremely misguided approach of blocking any
> data which contains some SQL keywords. For instance, using the
> username "charlie" means that "char" matches, and thus stops poor
> charlie from logging in. Etc.

Not very good sticking plaster, then. Well, it stopped the hacking on
a soon-to-be-retired site...

Tim
-- 
Tim Beadle

*** Bathcamp - a BarCamp in Bath - 13th/14th September 2008
Book now at http://bathcamp08.eventbrite.com/ ***
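
The false positive described in the quoted reply, as an added example that is not part of the original thread: a substring keyword filter rejects the legitimate username "charlie", while a parameterized query accepts it and still treats quote-bearing input as plain data. The keyword list, table and sample usernames are constructed for illustration (the linked filter's actual list is not shown in this thread), and Python's sqlite3 stands in for the site's classic ASP database layer.

```python
import sqlite3

# Hypothetical keyword list in the style of a substring blacklist filter;
# the real list used by the linked filter is not shown in this thread.
BLACKLIST = ["char", "select", "insert", "delete", "drop", "update", "--", "'"]


def blacklist_allows(value: str) -> bool:
    """Substring blacklist: reject input containing any listed keyword."""
    lowered = value.lower()
    return not any(word in lowered for word in BLACKLIST)


def make_db() -> sqlite3.Connection:
    """In-memory table holding constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, fullname TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Alice Example"),
         ("charlie", "Charlie Example"),
         ("o'brien", "Pat O'Brien")],
    )
    return db


def lookup(db: sqlite3.Connection, username: str):
    """Parameterized lookup: the value is bound as data, never parsed as SQL."""
    row = db.execute(
        "SELECT fullname FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: two ordinary names, one with an apostrophe,
    # and one shaped like SQL that must match no user at all.
    for name in ["alice", "charlie", "o'brien", "x' OR '1'='1"]:
        print(f"{name!r}: blacklist_allows={blacklist_allows(name)}, "
              f"lookup={lookup(db, name)!r}")
```

The blacklist turns away "charlie" and "o'brien" even though both are valid users, whereas the bound parameter lets them through and returns nothing for the SQL-shaped string.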