[nycphp-talk] Injection Attack, any ideas?
mikesz at qualityadvantages.com
Mon Nov 12 22:43:29 EST 2007
Hello Mitch,
Tuesday, November 13, 2007, 6:28:03 AM, you wrote:
> Is there a reason that prepared statements are not being used?
> That would at least take care of ensuring properly escaped data.
Apparently, you missed the part of this thread that it's not my code.
I inherited it. The code belongs to a bunch of hacks somewhere in the
former USSR who have long since abandoned ship to generate bigger and
better hacks with a similar, if not the same, code base for a lot more
developers to pull their hair out trying to make it work and be secure
too (security and quality never got any space on the project priority
list obviously).
Thanks for the suggestion though, I appreciate it.
--
Best regards,
mikesz mailto:mikesz at qualityadvantages.com