Code Injection And Not Just SQL

Brian Sullivan points out that code injection need not be always through SQL. Though SQL injection is popular, malicious code can be injected through user input during any data retrieval, including for XML and LDAP. He discusses some techniques for protecting against the injection with the common principle of validating every single input from the user. Having a whitelist instead of a blacklist can help as usually you know the allowed parameters and the set of invalid parameters can be infinite. A good article.

freshthoughts

contactme

Abhijit Nadgouda

iface Consulting

anadgouda@gmail.com

India

+91 9819820312

Y!: anadgouda
GTalk: anadgouda@gmail.com
MSN: anadgouda@hotmail.com
Skype: anadgouda
My bookmarks

currentproject

Complete Wellbeing

divinetaste

badgesand...

accessibility
blogging
books
cms
css
design
desktop
entrepreneurship
estimation
feeds
for executives
india
linux
mindworks
mobile
open source
process
- agile
programming
- ajax
- cpp
- csharp
- erlang
- java
- javascript
- php
- python
- ruby
project management
rant
requirements
roi
software for business
standards
testing
this
toc
tools
usability
web
wordpress
wordpress global variables

This is the weblog of Abhijit Nadgouda where he writes down his thoughts on software development and related topics. You are invited to subscribe to the feed to stay updated or check out more subscription options. Or you can choose to browse by one of the topics.

Twitter - #mumbai - The city has started working today. The fears are still there, but the spirit will help in fighting it.

Served in 0.631 seconds using 20 queries.