"Steven Brown" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > > > -----Original Message----- > > From: Derick Rethans [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 14, 2003 12:33 AM > > To: moshe doron > > Cc: [EMAIL PROTECTED] > > Subject: Re: [PHP-DEV] Re: PHP 4.3.3RC3 Released > > > > > > On Thu, 14 Aug 2003, moshe doron wrote: > > > > > What about hacking somehow the sqlite library to disallow chained > > > queries (or at least do it optionally)? > > > > > > This behavior is *huge* security hole, allow to the cracker drop ur > > > database using simple select where query. > > > > How is this a security hole? > > E.g., > > $id = "0; drop bar"; > lamesql_query("select foo from bar where id = $id"); > that's the mysql way.... with sybase style (used by sqlite), the is no need to separator, makes the detection even harded. (i used using pear sql_parser before executing the query but u can also turn on sybase magic mode (worst choice ! it's buggy) and *always* encapsulate the vars cames from the user with " ' ")
moshe.
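The chained-query problem discussed in this thread, as an added example that is not part of the original posts and is not PHP's sqlite extension: it uses Python's `sqlite3` module (an assumption of this example, chosen because it offers both a chained-statement call and a single-statement call) on a constructed table `bar`. The function names are hypothetical, and the thread's `drop bar` shorthand is written out as valid SQL.

```python
import sqlite3

def make_db():
    """Constructed sample data: table bar(id, foo), named after the thread's example."""
    db = sqlite3.connect(":memory:")
    db.executescript("create table bar (id integer, foo text);"
                     "insert into bar values (0, 'zero');"
                     "insert into bar values (1, 'one');")
    return db

def table_exists(db, name):
    sql = "select count(*) from sqlite_master where type = 'table' and name = ?"
    return db.execute(sql, (name,)).fetchone()[0] == 1

def chained_interpolated(db, user_id):
    """The 'before': value pasted into the SQL text, run by a call that
    accepts several statements in one string (the behaviour the thread objects to)."""
    db.executescript(f"select foo from bar where id = {user_id}")

def single_statement_interpolated(db, user_id):
    """Same pasted SQL, but through a call that accepts exactly one statement.
    The chained statement is refused, yet the value is still parsed as SQL."""
    try:
        return db.execute(f"select foo from bar where id = {user_id}").fetchall()
    except (sqlite3.Warning, sqlite3.ProgrammingError) as exc:
        # Python < 3.12 raises sqlite3.Warning, 3.12+ raises ProgrammingError.
        return f"rejected: {exc}"

def bound_parameter(db, user_id):
    """The fix: the value is bound as data and never reaches the SQL parser."""
    return db.execute("select foo from bar where id = ?", (user_id,)).fetchall()

if __name__ == "__main__":
    chained = "0; drop table bar"   # constructed input, valid-SQL form of the thread's example
    widened = "0 or 1=1"            # constructed input, single statement

    db = make_db()
    chained_interpolated(db, chained)
    print("chained API, table survives:", table_exists(db, "bar"))

    db = make_db()
    print("single-statement API:", single_statement_interpolated(db, chained))
    print("single-statement API, widened filter:", single_statement_interpolated(db, widened))
    print("bound, chained input:", bound_parameter(db, chained))
    print("bound, widened input:", bound_parameter(db, widened))
    print("table survives:", table_exists(db, "bar"))
```

Refusing chained statements protects the table but still lets the interpolated value rewrite the `where` clause; only the bound form treats both inputs as plain data.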