Its for any database http://en.wikipedia.org/wiki/SQL_injection On Thu, Oct 15, 2009 at 11:58 AM, aki <aki275@googlemail.com> wrote:
*solomon kariri **solomonkariri at gmail.com *<skunkworks%40lists.my.co.ke?Subject=Re%3A%20%5BSkunkworks%5D%20What%20is%20this&In-Reply-To=%3Cd27d6dc20910150140i79b45258h49bb0021d4ffa848%40mail.gmail.com%3E> *Actually I dont why Im always the person to get these funny things. I think whatever the case is, you should never display to the end user the results of an sql error as it might expose some information about the structure of the database. As in imagine a message like this [MySQL][Version 1.5] there is an error in your sql. Please check the manual for the correct syntax to use near 'username='whateveruproviede',access_level=3'. I was just wondering. From the response Im sure you can tell what database they are using because the nature of the messages is usually characteristic of certain database management system*. --------------------
Dude, When I get there, I'm sure will exchange some views with you because seems you are talking of exploits in sql.
But the basics of any application design ( my world at the moment ) or web design ( future world ):
- Forms ; capture, edit and query data - Db : store data
Db access needs I think 2 ports open in udp. The exploits are on all DB platforms or just one?
-- "always a student @ heart....? "
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Solomon Kariri, Software Developer, Cell: +254736 729 450 Skype: solomonkariri