Forum OpenACS Q&A: Response to Stealing Email Addresses -3x

Collapse
5: Response to Stealing Email Addresses -3x (response to 1)
Posted by Don Baccus on 08/13/02 03:41 PM
Actually Ben went through our 3.x codebase and added a bunch of "validate integer" calls to block obvious SQL smuggling attacks.

So yes, I guess a good question is to ask whether or not you're validating your query variables in your custom pages, too, or whether or not a standard page is exploitable because it got missed in Ben's sweep.