Talk:Testing for SQL Wildcard Attacks (OWASP-DS-001)
v3 Reviewer Notes
I don't think we should list "%" as an "extra" wildcard as it is the standard SQL (Oracle, MS, My, etc) wildcard. Rick.mitchell 10:17, 13 August 2008 (EDT)
This section could be expanded to talk about algorithmic complexity attacks, of which the SQL wildcard attack seems to be a subclass:
- http://www.cs.rice.edu/~scrosby/hash/ (hash functions)
- http://www.usenix.org/event/woot08/tech/full_papers/drewry/drewry_html/ (regular expression)
Marco 02:34, 22 August 2008 (EDT)