[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers-public] Anyone have any updates on Savannah?
|
From: |
Sylvain Beucler |
|
Subject: |
Re: [Savannah-hackers-public] Anyone have any updates on Savannah? |
|
Date: |
Mon, 29 Nov 2010 19:52:57 +0100 |
|
User-agent: |
Mutt/1.5.20 (2009-06-14) |
On Mon, Nov 29, 2010 at 01:44:33PM -0500, Paul Smith wrote:
> On Mon, 2010-11-29 at 19:34 +0100, Sylvain Beucler wrote:
> > What I know is there's been a SQL injection leading to illegitimate
> > membership access
>
> Oh blerg. The prevalence of these types of very simple (to avoid and to
> fix) mistakes even on technical sites makes me despair.
I spend several weeks patching hundreds of DB queries to attempt to
get rid of them. That's not so easy because apparently I managed to
miss a couple. Sure, it's easy to avoid when you rewrite from
scratch, but we're talking about legacy code whose rewrite is not
finished yet.
--
Sylvain