Difference between revisions of "Talk:Testing for SQL Wildcard Attacks (OWASP-DS-001)"
Line 4: | Line 4: | ||
I don't think we should list "%" as an "extra" wildcard as it is the standard SQL (Oracle, MS, My, etc) wildcard. [[User:Rick.mitchell|Rick.mitchell]] 10:17, 13 August 2008 (EDT) | I don't think we should list "%" as an "extra" wildcard as it is the standard SQL (Oracle, MS, My, etc) wildcard. [[User:Rick.mitchell|Rick.mitchell]] 10:17, 13 August 2008 (EDT) | ||
+ | |||
+ | ---- | ||
+ | |||
+ | This section could be expanded to talk about algorithmic complexity attacks, of which the SQL wildcard attack seems to be a subclass: | ||
+ | * http://www.cs.rice.edu/~scrosby/hash/ (hash functions) | ||
+ | * http://www.usenix.org/event/woot08/tech/full_papers/drewry/drewry_html/ (regular expression) | ||
+ | |||
+ | [[User:Marco|Marco]] 02:34, 22 August 2008 (EDT) |
Revision as of 06:34, 22 August 2008
v3 Reviewer Notes
I don't think we should list "%" as an "extra" wildcard as it is the standard SQL (Oracle, MS, My, etc) wildcard. Rick.mitchell 10:17, 13 August 2008 (EDT)
This section could be expanded to talk about algorithmic complexity attacks, of which the SQL wildcard attack seems to be a subclass:
- http://www.cs.rice.edu/~scrosby/hash/ (hash functions)
- http://www.usenix.org/event/woot08/tech/full_papers/drewry/drewry_html/ (regular expression)
Marco 02:34, 22 August 2008 (EDT)