Hi,
On Sat, Oct 10, 2009 at 10:46 AM, Noufal Ibrahim wrote:
> 0 day Django exploit in the wild -
> http://news.ycombinator.com/item?id=872533
> http://www.djangoproject.com/weblog/2009/oct/09/security/
>
> Fixed rather quickly but found rather late. One of the reasons is
> probably because of th
On Sat, Oct 10, 2009 at 12:31 PM, Anand Balachandran Pillai
wrote:
[..]
> For example, this is a very common way of doing a select using PHP.
>
> $query = "SELECT * FROM products WHERE name='$productname'";
> mysql_query($query);
>
> Only that this kind of SQL is very vulnerable to SQL i
On Sat, Oct 10, 2009 at 9:03 AM, Noufal Ibrahim wrote:
> On Sat, Oct 10, 2009 at 12:31 PM, Anand Balachandran Pillai
> wrote:
> [..]
>> For example, this is a very common way of doing a select using PHP.
>>
>> $query = "SELECT * FROM products WHERE name='$productname'";
>> mysql_query($qu
On Sat, Oct 10, 2009 at 7:59 PM, Carl Karsten wrote:
>
> I have done 2 php pages and a bunch of python. My guess is PHP makes
> it easier to write vulnerable code, but I am really going out on a limb
> here, so I'll not try to support this notion.
+1 PHP indeed makes it easier to write vulnerable
On Sat, Oct 10, 2009 at 7:59 PM, Carl Karsten wrote:
[..]
> I need to inject...
>
> The line should be:
>
> cursor.execute(query, ('burger', '2009-09-10 12:00:00'))
Ah. Then it's just a case of the API doing the quoting internally
which points to a better API than a better language.
> and to kee
On Sat, Oct 10, 2009 at 10:05 AM, Noufal Ibrahim wrote:
> On Sat, Oct 10, 2009 at 7:59 PM, Carl Karsten wrote:
> [..]
>> I need to inject...
>>
>> The line should be:
>>
>> cursor.execute(query, ('burger', '2009-09-10 12:00:00'))
>
> Ah. Then it's just a case of the API doing the quoting internal
On Fri, Oct 9, 2009 at 11:23 PM, abstract things
wrote:
> Hello All,
>
> My name is Sundar and I am Senior Python programming language user (I
> mean 3+ years). I like Python programming. Well, I haven't registered for
> PyCon early enough but I attended Mayavi, Algorithms and Semantic Web t
On Sat, Oct 10, 2009 at 10:20 PM, Anand Balachandran Pillai
wrote:
[..]
> I am sorry, but I decided not to present this talk tomorrow. I had thought
> of presenting OpenCalais as an example of top down semantic web but
> with some prejudices already about the topic, I think I will be better
> off
On Saturday 10 Oct 2009 8:09:17 pm Vivek Khurana wrote:
> On Sat, Oct 10, 2009 at 7:59 PM, Carl Karsten
wrote:
> > I have done 2 php pages and a bunch of python. My guess is PHP makes
> > it easier to write vulnerable code, but I am really going out on a limb
> > here, so I'll not try to support
On Sun, Oct 11, 2009 at 6:55 AM, Kenneth Gonsalves
wrote:
>
> wishful thinking
How ?
regards
Vivek
--
The hidden harmony is better than the obvious!!
___
BangPypers mailing list
BangPypers@python.org
http://mail.python.org/mailman/listinfo/bangpyper
On Sat, Oct 10, 2009 at 8:35 PM, Noufal Ibrahim wrote:
> On Sat, Oct 10, 2009 at 7:59 PM, Carl Karsten
> wrote:
> [..]
> > I need to inject...
> >
> > The line should be:
> >
> > cursor.execute(query, ('burger', '2009-09-10 12:00:00'))
>
> Ah. Then it's just a case of the API doing the quoting i
11 matches