Why you should sanitize input data

Bob Sneidar bobsneidar at iotecdigital.com
Mon Jul 16 16:50:43 CEST 2018


Judging by this, simply putting an SQL server behind a web server does not really protect the SQL server like some propose. Maybe I'm oversimplifying the issue, but it seems they are saying that using this method, shell commands can be executed, and that means access to the SQL database can be had.

Bob S


> On Jul 15, 2018, at 14:31, J. Landman Gay via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> I suspect the paranoid among us already know this, but I didn't realize it was quite so easy:
> 
> https://null-byte.wonderhowto.com/how-to/use-command-injection-pop-reverse-shell-web-server-0185760/
> 
> -- 
> Jacqueline Landman Gay         |     jacque at hyperactivesw.com
> HyperActive Software           |     http://www.hyperactivesw.com



