Websites wide open to attack?
Posted: Wed Feb 14, 2007 6:19 am
by CoderGoblin
Apparently there has been a recent report which I thought some people may be interested to view. A summary (Yahoo News) is here...
Websites wide open to attack.
Not sure how long the link will last though.
Posted: Wed Feb 14, 2007 7:05 am
by superdezign
SQL is that big of a vulnerability? What are these websites doing incorrectly? There are so many methods for SQL and converting inputted values into valid SQL values.
Posted: Wed Feb 14, 2007 8:02 am
by CoderGoblin
Whilst a lot of people on these forums are aware of SQL injection and preventative techniques, an awful lot of people are not. How many books on PHP actually explain how to prevent SQL injection?
Posted: Wed Feb 14, 2007 9:44 am
by Maugrim_The_Reaper
Sounds about right - I know of lots of applications that are completely unprotected. Unfortunately they were all written by people who shouldn't ever call themselves "developers" and most of them haven't a rudimentary knowledge of PHP Security. Even the ones that do view the security issues as minor since they tend not to be big enough to attract attention. I'm sure rival scriptkiddies have bigger fish to fry like the large PHPNuke install base...

These sorts of statistics do offer further ammunition to those who view PHP as being a security-addled language. When 99% statistics are thrown around I'm sure it makes most folk deep down consider if the PHP devs would be better off figuring out ways of offering fewer methods for developers to shoot their own feet rather than continuing to blame those using the language who barely know how to type an opening tag let alone escape SQL variables...