Don't DROP our data

SQL injection protection gone awry.

http://worsethanfailure.com/Default.aspx
JoC
July 6th, 2007 11:56am
That is an amusing error message.  Kinda just asking for somebody to turn off javascript and enter some evil SQL.
Clay Dowling
July 6th, 2007 1:23pm
"Hudson Valley Federal Credit Union's online banking enrollment asks the typical security questions."

I work with bank type software/security.  This place wouldn't pass any of the federal (enron like) guidelines on security.  Oh my god.
Bot Berlin
July 6th, 2007 2:34pm
Also, normally if you encounter any invalid characters like "'", you are supposed to fail out, that and use prepared statements.
Bot Berlin
July 6th, 2007 2:35pm
I thought you just used parameterized sprocs and called it a day?
JoC
July 6th, 2007 2:38pm
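
Added example, not part of the original thread and not the credit union's code: a server-side sketch of the prepared-statement approach mentioned above, next to a keyword/character filter of the kind the linked page mocks. The table name, function names, blocked-token list and sample answers are all assumptions constructed for illustration.

```python
import sqlite3

# Assumed filter list; the thread does not say which tokens the real form refused.
BLOCKED = ("'", ";", "--", "drop", "select", "delete", "insert", "update")

def blacklist_rejects(answer: str) -> bool:
    """Mimic a keyword/character filter: True if the answer would be refused."""
    lowered = answer.lower()
    return any(token in lowered for token in BLOCKED)

def open_db() -> sqlite3.Connection:
    """In-memory database with a hypothetical security-answer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE security_answers ("
        " member_id INTEGER PRIMARY KEY, answer TEXT NOT NULL)"
    )
    return conn

def store_answer(conn: sqlite3.Connection, member_id: int, answer: str) -> None:
    # Placeholders bind the answer as data; it is never parsed as SQL text.
    conn.execute(
        "INSERT INTO security_answers (member_id, answer) VALUES (?, ?)",
        (member_id, answer),
    )
    conn.commit()

def load_answer(conn: sqlite3.Connection, member_id: int):
    row = conn.execute(
        "SELECT answer FROM security_answers WHERE member_id = ?", (member_id,)
    ).fetchone()
    return row[0] if row else None

# Constructed sample answers a real member might plausibly give.
SAMPLES = ["O'Brien", "Dropkick Murphys", "Selectric typewriter",
           "Drop it; that's enough", "Fluffy"]

def compare(samples=SAMPLES):
    """Return (answer, refused_by_filter, survived_parameterized_round_trip)."""
    conn = open_db()
    results = []
    for member_id, answer in enumerate(samples, start=1):
        store_answer(conn, member_id, answer)
        results.append((answer, blacklist_rejects(answer),
                        load_answer(conn, member_id) == answer))
    return results

if __name__ == "__main__":
    for answer, refused, intact in compare():
        print(f"{answer!r:28} filter refuses: {refused!s:5}  stored intact: {intact}")
```

The filter refuses four of the five legitimate answers, while the parameterized statements store all five unchanged, and a client-side filter is not a server-side control in any case.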

This topic is archived. No further replies will be accepted.
