On Wed, 28 Apr 2010 16:54:56 -0400, "David Stoltz" wrote: >[...] >We recently have added a very small web application that is vendor >supported. They said it's not working, so I investigated. I found that >our software protection was blocking their pages because they are >actually passing entire SQL queries in their form POSTs. Now, the app is >SSL protected, and they claim the queries are not executed - only >inserted into the database to be used later. They also said it's >protected by the ASP.NET framework authentication.... [...]
Unless they're storing the SQL queries so that they can show them later on, e.g. as text in a forum post, I think you have a major WTF on your hands! Please submit here! http://thedailywtf.com/Contact.aspx :) -- Ross McKay, Toronto, NSW Australia "The chief cause of problems is solutions" -Eric Sevareid -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
