"Marc Boeren" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
>
> > That's the point. If the cracker can change only the end of
> > the query, it's not so useful for him (he can maximum get other id)
>
> How about a form of DoS:
>
> '...where id = '.$id
>
> with $id = '23129 or 1'
>
> this will select all entries in the table which could result in DoS...
>
> So, ultimately this problem is the coder's responsibility.
>

DoS are not equivalent to dropping the whole database (in the fast and soft case...).
Most of the systems allowing searches can be DoSed easily.

moshe

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
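
The query pattern discussed in this thread, shown beside a validated and bound form. This is an added example, not part of the original messages or of PHP's own code; the `entries` table, its rows and the function names are constructed for illustration, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added illustration: table, rows and function names are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO entries (id, title) VALUES (1, 'a'), (23129, 'b'), (40000, 'c')");

// Pattern from the thread: the request value is appended to the end of the query.
function fetch_concatenated(PDO $db, string $id): array
{
    return $db->query('SELECT id, title FROM entries WHERE id = ' . $id)
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a plain integer, then bind it as a parameter
// so the value can never become part of the SQL text.
function fetch_bound(PDO $db, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare('SELECT id, title FROM entries WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = '23129 or 1';   // the value quoted in the thread

// A well-formed id matches on the primary key only.
echo 'concatenated, "23129": ', count(fetch_concatenated($db, '23129')), " row(s)\n";

// With the thread's value the WHERE clause becomes "id = 23129 or 1",
// which is true for each row, so the whole table is read and returned.
echo 'concatenated, thread value: ', count(fetch_concatenated($db, $input)), " row(s)\n";

// The hardened function refuses the same value before any SQL runs.
try {
    fetch_bound($db, $input);
} catch (InvalidArgumentException $e) {
    echo 'bound, thread value: rejected (', $e->getMessage(), ")\n";
}
echo 'bound, "23129": ', count(fetch_bound($db, '23129')), " row(s)\n";
```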