[nycphp-talk] Not-so-subtle attack on PHP
Elliotte Harold
elharo at metalab.unc.edu
Fri Sep 28 18:49:53 EDT 2007
Kenneth Downs wrote:
>
>> Many things are a waste of the cracker's time, but they do them
>> anyway. So counting on the result not being worth the time of the cracker
>> is wishful thinking. :-)
>
Even if one has full cell level security in the DB, I expect there are
still denial of service injection attacks that may not access any cells
at all. I'll leave it to the SQL experts to devise the nastiest,
exponential time problems they can express in SQL. Brownie points for
doing it in pure SQL without any vendor extensions. :-)
--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
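As an added illustration of the point above (not code from the thread or from either poster): the two defensive controls that address it are keeping user input out of the SQL text entirely, and putting a hard ceiling on how long any one statement may run, so a query that turns out to be expensive is cancelled instead of tying up the database. The example assumes PHP with PDO against PostgreSQL; the DSN, credentials, the `products` table and the `searchProducts` function are placeholders chosen for the example.

```php
<?php
// Added example, not from the mailing-list thread. Assumes PDO + PostgreSQL;
// the DSN, credentials and the "products" table are placeholders.

function searchProducts(PDO $pdo, string $term, int $timeoutMs = 2000): array
{
    // SET LOCAL is scoped to the current transaction, so the ceiling applies
    // to this request's statement only and does not leak into other sessions.
    $pdo->beginTransaction();
    try {
        // statement_timeout takes an integer number of milliseconds.
        $pdo->exec('SET LOCAL statement_timeout = ' . (int) $timeoutMs);

        // Escape LIKE wildcards so the caller cannot widen the pattern; the
        // default ESCAPE character in PostgreSQL is the backslash.
        $pattern = '%' . addcslashes($term, '%_\\') . '%';

        // User input travels as a bound parameter, never spliced into the SQL text.
        $stmt = $pdo->prepare(
            'SELECT id, name FROM products WHERE name ILIKE :pattern ORDER BY name LIMIT 100'
        );
        $stmt->execute([':pattern' => $pattern]);
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

        $pdo->commit();
        return $rows;
    } catch (PDOException $e) {
        $pdo->rollBack();
        // SQLSTATE 57014 (query_canceled) means the timeout fired. Record it so
        // repeated hits can be spotted, and fail fast instead of hanging the request.
        if ($e->getCode() === '57014') {
            error_log(sprintf('search cancelled after %dms (term length %d)', $timeoutMs, strlen($term)));
            return [];
        }
        throw $e;
    }
}

$pdo = new PDO('pgsql:host=localhost;dbname=shop', 'app_user', 'REPLACE_ME', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

print_r(searchProducts($pdo, $_GET['q'] ?? ''));
```

The timeout is a per-statement budget rather than a fix for any particular query shape; paired with parameterised statements it means that even an input the application did not anticipate can cost at most the configured window of database time, and the cancellations show up in the application log where they can be alerted on.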