This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Talk:Testing for SQL Wildcard Attacks (OWASP-DS-001)"

From OWASP
Line 4: Line 4:
  
 
I don't think we should list "%" as an "extra" wildcard as it is the standard SQL (Oracle, MS, My, etc) wildcard. [[User:Rick.mitchell|Rick.mitchell]] 10:17, 13 August 2008 (EDT)
 
I don't think we should list "%" as an "extra" wildcard as it is the standard SQL (Oracle, MS, My, etc) wildcard. [[User:Rick.mitchell|Rick.mitchell]] 10:17, 13 August 2008 (EDT)
 +
 +
----
 +
 +
This section could be expanded to talk about algorithmic complexity attacks, of which the SQL wildcard attack seems to be a subclass:
 +
* http://www.cs.rice.edu/~scrosby/hash/ (hash functions)
 +
* http://www.usenix.org/event/woot08/tech/full_papers/drewry/drewry_html/ (regular expression)
 +
 +
[[User:Marco|Marco]] 02:34, 22 August 2008 (EDT)

Revision as of 06:34, 22 August 2008

v3 Reviewer Notes

I don't think we should list "%" as an "extra" wildcard as it is the standard SQL (Oracle, MS, My, etc) wildcard. Rick.mitchell 10:17, 13 August 2008 (EDT)


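This section could be expanded to talk about algorithmic complexity attacks, of which the SQL wildcard attack seems to be a subclass:

* http://www.cs.rice.edu/~scrosby/hash/ (hash functions)
* http://www.usenix.org/event/woot08/tech/full_papers/drewry/drewry_html/ (regular expression)
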
Marco 02:34, 22 August 2008 (EDT)