User talk:Jeblad/Archive 1

Security risks in Extension:DataTable
You stated in Extension:DataTable that the extension does not sanitize the SQL code (which is correct) and that therefore arbitrary SQL statements can be injected. Could you kindly provide an example of injecting a statement? RV1971 08:24, 8 September 2009 (UTC)


 * SQL code injection should be pretty straightforward. Usually you end the present statement as a NOP, add one or several new statements, and include an additional statement to do the normal work of the SQL statement. Search on the net for other examples. Usually there are a few key indicators that can be used to dismiss dangerous strings. Jeblad 09:46, 13 September 2009 (UTC)