Why you should sanitize input data

Brian Milby brian at milby7.com
Mon Jul 16 11:52:43 EDT 2018


It is all about input validation. Access to a SQL server is reasonable. Access to the shell is something that probably should be avoided. In either case you need to be sure the user/hacker cannot send requests that you do not allow.

Thanks,
Brian
On Jul 16, 2018, 9:51 AM -0500, Bob Sneidar via use-livecode <use-livecode at lists.runrev.com>, wrote:
> Judging by this, simply putting an SQL server behind a web server does not really protect the SQL server like some propose. Maybe I'm oversimplifying the issue, but it seems they are saying that using this method, shell commands can be executed, and that means access to the SQL database can be had.
>
> Bob S
>
>
> > On Jul 15, 2018, at 14:31 , J. Landman Gay via use-livecode <use-livecode at lists.runrev.com> wrote:
> >
> > I suspect the paranoid among us already know this, but I didn't realize it was quite so easy:
> >
> > https://null-byte.wonderhowto.com/how-to/use-command-injection-pop-reverse-shell-web-server-0185760/
> >
> > --
> > Jacqueline Landman Gay | jacque at hyperactivesw.com
> > HyperActive Software | http://www.hyperactivesw.com
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
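
One way to apply the point made in this thread, as an added example that is not part of the original messages: a request value is checked against an allowlist before it reaches either a child process or a SQL query. The host-name rule, the function names, the `hosts` table and the echoing child process are all hypothetical stand-ins.

```python
import re
import sqlite3
import subprocess
import sys

# Hypothetical allowlist: a request may only name a host made of these characters.
# The first character must be alphanumeric, so a value can never look like an option.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,61}[A-Za-z0-9])?")


def validate_host(value):
    """Return the value if it matches the allowlist, otherwise raise ValueError."""
    if not isinstance(value, str) or not HOST_RE.fullmatch(value):
        raise ValueError("rejected input: %r" % (value,))
    return value


def run_tool(host):
    """Pass validated input to a child process as one argv element, with no shell.

    The child is a stand-in for a real utility: it echoes its argument back.
    """
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", validate_host(host)]
    done = subprocess.run(argv, capture_output=True, text=True, check=True, timeout=10)
    return done.stdout.strip()


def lookup_owner(db, host):
    """Bind validated input as a query parameter; never build SQL by concatenation."""
    row = db.execute("SELECT owner FROM hosts WHERE name = ?", (validate_host(host),)).fetchone()
    return row[0] if row else None


def make_db():
    """Constructed sample data in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hosts (name TEXT PRIMARY KEY, owner TEXT)")
    db.execute("INSERT INTO hosts VALUES ('example.com', 'ops')")
    return db


if __name__ == "__main__":
    db = make_db()
    # Constructed requests: one permitted, two carrying shell or SQL metacharacters.
    for request in ["example.com", "example.com; id", "x' OR '1'='1"]:
        try:
            print(request, "->", run_tool(request), lookup_owner(db, request))
        except ValueError as err:
            print(err)
```

Validation, the shell-free argument list and the bound parameter are independent layers: each one still holds if another is bypassed or misconfigured.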


