Brian Loomis Re: Security update: backtick protection
Sep 24, 2008; 15:16
Brian Loomis
Re: Security update: backtick protection
Thanks for the timely change and the willingness to improve.
On Sep 24, 2008, at 3:11 PM, Johan Solve wrote:
> It just occurred to me that encode_sql doesn't protect MySQL object > names properly, so an SQL injection could be possible by abusing ` > in field names. > > I have released the first security update in Knop's history to the > SVN repository. The regular file downloads have not been updated yet > but you can browse the SVN trunk with a web browser and download it > that way even without an SVN client. > > http://code.google.com/p/knop/source/browse/#svn/trunk > > knop_grid and knop_form are affected by the update. > > > -- > Johan Sölve [FSA Member, Lasso Partner] > Web Application/Lasso/FileMaker Developer > MONTANIA SOFTWARE & SOLUTIONS > http://www.montania.se mailto:joh-n@montania.se > (spam-safe email address, replace '-' with 'a') > > ############################################################# > This message is sent to you because you are subscribed to > the mailing list <knop@lists.montania.se>. > To unsubscribe, E-mail to: <knop-off@lists.montania.se> > Send administrative queries to <knop-request@lists.montania.se> > List archive http://www.nabble.com/Knop-Framework-Discussion-f29076.html > Project homepage http://montania.se/projects/knop/ > Google Code has the latest downloads at http://code.google.com/p/knop/
############################################################# This message is sent to you because you are subscribed to the mailing list <knop@lists.montania.se>. To unsubscribe, E-mail to: <knop-off@lists.montania.se> Send administrative queries to <knop-request@lists.montania.se> List archive http://www.nabble.com/Knop-Framework-Discussion-f29076.html Project homepage http://montania.se/projects/knop/ Google Code has the latest downloads at http://code.google.com/p/knop/
Sep 24
Johan Solve Security update: backtick protection
Sep 24, 2008; 23:11
Johan Solve
Security update: backtick protection
Sep 24
Johan Solve Re: Security update: backtick protection
Sep 24, 2008; 23:28
Johan Solve
Re: Security update: backtick protection
Sep 24
Johan Solve Re: Security update: backtick protection
Sep 24, 2008; 23:38
Johan Solve
Re: Security update: backtick protection
Search
Lasso Programming
This site manages and broadcasts several email lists pertaining to Lasso Programming and technologies related and used by Lasso developers. Sign up today!