ruqueue-devel

Re: [Ruqueue-devel] XSS attacks and SQL injection


From: John Fulton
Subject: Re: [Ruqueue-devel] XSS attacks and SQL injection
Date: Fri, 27 Feb 2009 10:38:59 -0500
User-agent: Thunderbird 2.0.0.19 (X11/20090105)


David F. Skoll wrote:
> I heard of ruQueue via a Slashdot article, so I downloaded it.  I took
> a quick look at the code and noticed many places where XSS attacks and
> SQL injection can happen.

Hi David,

Yes, it could use a comb through to protect it against SQL injection. At
least the direct use of mysql_query() should have probably been
abstracted into a separate function so that this kind of clean up would
be easier.

> ru-queue-1.2.2.tar.gz is dated 2005, so maybe it's no longer
> maintained?

Could be. I was heavily involved in the project when I worked at Rutgers
but I left years ago and no longer work on it. I have not seen much done
on it since then.

  John
--
John Fulton, Assoc. Director IT Systems, 610-330-5650
Lafayette College, 11 Pardee Dr, Easton PA 18042-1775

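To make the point about abstracting mysql_query() concrete, here is an added PHP illustration (not ruQueue's code and not from either poster): the direct-concatenation pattern next to a single wrapper that every caller goes through, so that parameter binding is fixed in one place. It assumes a mysqli connection `$db`, a table `tickets(id, subject)`, and the mysqlnd driver for `get_result()`; all of those are constructed for the example.

```php
<?php
// Added illustration, not ruQueue's own code. Assumes a mysqli connection
// $db and a table tickets(id, subject); both are constructed here.

// Vulnerable pattern (typical of 2009-era PHP): the request value is
// spliced straight into the SQL string, so a quote character inside $id
// changes the structure of the query rather than just its data.
function find_ticket_unsafe($id) {
    $sql = "SELECT id, subject FROM tickets WHERE id = '" . $id . "'";
    return mysql_query($sql);   // removed in PHP 7; shown only as the "before"
}

// Hardened pattern: one wrapper owns every query. Callers pass SQL with
// ? placeholders plus a value list; the wrapper binds the values through a
// prepared statement, so the server never parses them as SQL.
function db_query(mysqli $db, $sql, array $params = array()) {
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    if (count($params) > 0) {
        // Bind everything as a string; MySQL converts types as needed.
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    }
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    return $stmt->get_result();   // requires the mysqlnd driver
}

// Every data-access function now routes through db_query(), so a later
// audit only has to check the wrapper and the placeholder usage.
function find_ticket(mysqli $db, $id) {
    $result = db_query($db, 'SELECT id, subject FROM tickets WHERE id = ?', array($id));
    return $result->fetch_assoc();   // null when no row matches
}

// Constructed sample call: an id containing a quote simply matches no row.
// $db = new mysqli('localhost', 'user', 'pass', 'ruqueue');
// var_dump(find_ticket($db, "12'34"));
```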



