Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re^4: Hacker Proofing My Script

by dave_the_m (Monsignor)
on Oct 04, 2004 at 21:19 UTC ( [id://396392]=note: print w/replies, xml ) Need Help??


in reply to Re^3: Hacker Proofing My Script
in thread Hacker Proofing My Script

could it be that the placeholder-magic is faked by DBD/DBD::MYSLQ and that it simply relies on quoting and interpolating the placeholders? That would of course be a Bad Thing.
Not necessarily. The DBD::MySQL driver is likely to have been written by someone competent, who understands how to do the correct quoting to make it injection proof; this is in contrast to typical user-level code, which has a good chance of getting it wrong. So even faked placeholders buy you security.

Dave.

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://396392]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others goofing around in the Monastery: (3)
As of 2024-04-20 01:15 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found