Re: Printf and quoting in general, SQL injection in particular [was: Ema
From: Jean Louis
Subject: Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way]
Date: Tue, 22 Jun 2021 03:47:04 +0300
User-agent: Mutt/2.0.7+183 (3d24855) (2021-05-28)

* Emanuel Berg via Users list for the GNU Emacs text editor
<help-gnu-emacs@gnu.org> [2021-06-22 03:32]:
> Jean Louis wrote:
>
> > I agree on that. But we cannot possibly expect all possible
> > dangers to be known by all possible programmers at all times
> > especially on this mailing list
>
> OK, so the SQL injection is a common attack vector, but what
> should we call this issue?

It is probably a lack of database administration skills. It is nothing
related to Emacs really. There is nothing special to SQL than to any
other kind of user's input. In fact, PostgreSQL and MySQL or MariaDB
are rather safe databases. If a user does not have permission to DROP
tables or do something malicious, then it does not have it, finished
there. One can try it, but it will not work.

On the other hand, injecting simple malicious Emacs Lisp anywhere in
any file is a possible option, omnipresent on the Internet, and we
don't even speak about that.

Thousands of users are blindly accepting programs from MELPA or any
kind of ELPA without knowing what is going to happen with the
data. And then we worry about possible SQL injections in Emacs Lisp. I
just wonder how and where SQL injection. Is it maybe by malicious
staff members versed in PostgreSQL? Or maybe Emacs Lisp running some
sensitive data online (without backup) being exposed to online
crackers trying to cheat the code and DROP some tables or do other bad
stuff? It is so unlikely to take place.

A bounty of US $10 from my side if somebody succeeds in SQL-injecting
a DROP of a table into my software.
--
Jean
Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns
In support of Richard M. Stallman
https://stallmansupport.org/
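
Added example (not part of the message above, and not code from any software discussed in the thread): it runs the same four inputs through a printf-style statement and through a bound parameter, on a connection that is refused DROP TABLE. Assumptions: SQLite's authorizer hook stands in for a PostgreSQL role without the right to drop tables, and the table, rows and function names are constructed for the illustration.

```python
import sqlite3

def deny_drop(action, arg1, arg2, dbname, source):
    # Assumption: SQLite's authorizer hook stands in for a PostgreSQL role
    # that may read and modify rows but was never allowed to DROP tables.
    if action == sqlite3.SQLITE_DROP_TABLE:
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (name TEXT, email TEXT)")
    db.executemany("INSERT INTO contacts VALUES (?, ?)",  # constructed rows
                   [("alice", "alice@example.org"), ("bob", "bob@example.org")])
    db.commit()
    db.set_authorizer(deny_drop)
    return db

def rows_left(db):
    return db.execute("SELECT count(*) FROM contacts").fetchone()[0]

def delete_formatted(name):
    """printf-style: the input is pasted into the SQL text."""
    db = new_db()
    try:
        # executescript runs every statement in the string, as psql would
        db.executescript("DELETE FROM contacts WHERE name = '%s'" % name)
        status = "ok"
    except sqlite3.Error as exc:
        status = "error: %s" % exc
    return status, rows_left(db)

def delete_bound(name):
    """Parameter binding: the input can only ever be a value."""
    db = new_db()
    db.execute("DELETE FROM contacts WHERE name = ?", (name,))
    return "ok", rows_left(db)

# Constructed inputs: a plain name, a name with an apostrophe, a stacked
# DROP, and a condition that makes the WHERE clause always true.
INPUTS = ["alice", "O'Brien", "x'; DROP TABLE contacts; --", "x' OR 'a'='a"]

if __name__ == "__main__":
    for name in INPUTS:
        print(repr(name), delete_formatted(name), delete_bound(name))
```

The denied DROP leaves both rows in place, but the always-true condition empties the table using only the DELETE right the application needs anyway, and the apostrophe in an ordinary name is a syntax error; with the bound parameter all three inputs are plain values that match no row.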