[–] kogir 16y ago ↗ SQL injection is platform independent. It usually targets a specific vendor's DB, but it's crappy code by users of the DB that is at fault.So it's really SQL injection attack hits sites running crappy custom code.Neither SQL server nor IIS are at fault here. [–] dododo 16y ago ↗ it's more a problem with the APIs for talking to the vendor's DB. the easiest way to add user input to a DB query should be the right one. minimally, a DB query should not be trivially the same type as user input. [–] rbanffy 16y ago ↗ Did anyone say it's not platform independent?The article just states a couple of IIS sites got compromised again. It's not blaming IIS for that.And SQL injection is not completely platform independent: your database must support SQL for it to work.
[–] dododo 16y ago ↗ it's more a problem with the APIs for talking to the vendor's DB. the easiest way to add user input to a DB query should be the right one. minimally, a DB query should not be trivially the same type as user input.
[–] rbanffy 16y ago ↗ Did anyone say it's not platform independent?The article just states a couple of IIS sites got compromised again. It's not blaming IIS for that.And SQL injection is not completely platform independent: your database must support SQL for it to work.
[–] [dead] PinkSweater 16y ago ↗ What a load of shit article. This problem IS NOT SPECIFIC TO IIS or MSSQL
4 comments
[ 0.25 ms ] story [ 19.4 ms ] threadSo it's really SQL injection attack hits sites running crappy custom code.
Neither SQL server nor IIS are at fault here.
The article just states a couple of IIS sites got compromised again. It's not blaming IIS for that.
And SQL injection is not completely platform independent: your database must support SQL for it to work.