[Care2x-general] Fw: Re: AW: [Care2002-developers] about patients and personnel in the same table

• Mensaje anterior: [Care2x-general] sobre flujo de trabajo en care2x
• Próximo mensaje: [Care2x-general] sobre nuestra distribucion que rompera en mednet 2004 y sera nuestro caballo de batalla en el 2005
• Mensajes ordenados por: [ fecha ] [ hilo ] [ asunto ] [ autor ]

Hi all,

I am very glad about this particular topic because we are actually working to 
test a part of care2x which for a long time was relatively taken for granted.

Just a short history. Way back in 2002, Daniel Frieja from Germany notified me 
of this danger and I followed his suggestion to use the php's native function 
"addslashes()" which neutralizes the user input.  After that and after some 
testing rounds we decided it to be good enough.  

But it could happen that some parts of the program specially those that are 
not explicitly in danger were overlooked. 

So, keep on testing and trying to compromise the system by using this "sql 
inject" attack. Inform us about the results. If you can make the patch 
yourself, it would be much better. Pls send us the patches afterwards.

Thanks,
Elpidio

On Friday 12 November 2004 08:24, Joachim Mollin wrote:
> Sorry,
>
> I tried your example on my system, but I did not come in with that password
>
> Joachim



-- 
Walter Alfonso Núnez Rivera
Médico - Programador
Pascual de Andagoya 140 Lima 32 Perú

• Mensaje anterior: [Care2x-general] sobre flujo de trabajo en care2x
• Próximo mensaje: [Care2x-general] sobre nuestra distribucion que rompera en mednet 2004 y sera nuestro caballo de batalla en el 2005
• Mensajes ordenados por: [ fecha ] [ hilo ] [ asunto ] [ autor ]