[nycphp-talk] Not-so-subtle attack on PHP
Kenneth Downs
ken at secdat.com
Wed Sep 26 06:54:33 EDT 2007
*From: http://www.eweek.com/article2/0,1759,2188714,00.asp
Q: How can sites protect themselves against SQL injection?
A: *The best defense is to design your database-backed Web site properly
to make sure it always separates SQL code and user data. You basically
have a choice between programming tools that are specifically designed
to prevent you from making this kind of mistake and those that allow you
to get into trouble if you're not careful. Roughly speaking, this
corresponds to the difference between the newer Microsoft .Net tools and
their older tools or open source frameworks like PHP.
--
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com www.andromeda-project.org
631-689-7200 Fax: 631-689-0527
cell: 631-379-0010
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070926/814ee0ea/attachment.html>
More information about the talk
mailing list