savannah-hackers-public

Re: [Savannah-hackers-public] Anyone have any updates on Savannah?


From: Sylvain Beucler
Subject: Re: [Savannah-hackers-public] Anyone have any updates on Savannah?
Date: Mon, 29 Nov 2010 19:52:57 +0100
User-agent: Mutt/1.5.20 (2009-06-14)

On Mon, Nov 29, 2010 at 01:44:33PM -0500, Paul Smith wrote:
> On Mon, 2010-11-29 at 19:34 +0100, Sylvain Beucler wrote:
> > What I know is there's been a SQL injection leading to illegitimate
> > membership access
> 
> Oh blerg.  The prevalence of these types of very simple (to avoid and to
> fix) mistakes even on technical sites makes me despair.

I spent several weeks patching hundreds of DB queries to attempt to
get rid of them.  That's not so easy because apparently I managed to
miss a couple.  Sure, it's easy to avoid when you rewrite from
scratch, but we're talking about legacy code whose rewrite is not
finished yet.

-- 
Sylvain


