Brian Sullivan points out that code injection need not be always through SQL. Though SQL injection is popular, malicious code can be injected through user input during any data retrieval, including for XML and LDAP. He discusses some techniques for protecting against the injection with the common principle of validating every single input from the user. Having a whitelist instead of a blacklist can help as usually you know the allowed parameters and the set of invalid parameters can be infinite. A good article.
skip to navigation | content
ifacethoughtsfreshthoughts
- Ubuntu Defaults To Google Docs For Netbooks
- Inherently, Design Is A Combination Of Art And Engineering
- New Tools I Picked Up In 2009
- Microsoft Agrees To Free Browser Choice
- Get OpenID With Google Profiles
- Only Your Decision Is Remembered, Not Your Reasons
- WordPress Wins Overall Best Open Source CMS Award
- A Mouse For OpenOffice
- C++Next Will Help
- Being Only Better Is Not Enough
contactme
badgesand...
- accessibility
- blogging
- books
- cms
- css
- design
- desktop
- entrepreneurship
- estimation
- feeds
- for executives
- india
- linux
- mindworks
- mobile
- open source
- process
- programming
- project management
- rant
- requirements
- roi
- software for business
- standards
- testing
- this
- toc
- tools
- usability
- web
- wordpress
- wordpress global variables
This is the weblog of Abhijit Nadgouda where he writes down his thoughts on software development and related topics. You are invited to subscribe to the feed to stay updated or check out more subscription options. Or you can choose to browse by one of the topics.