[mythtv-users] Hacked?
Cotter, Paul M.
pcotter at kmzr.com
Mon Aug 16 11:57:01 EDT 2004
Agreed, this is probably one of the most prevalent weaknesses in many
web sites. It's easy to do with a lot of sites that use queries against
some kind of data store - doesn't have to be SQL-based. Try LDAP query
injection etc., which can be a lot worse - imagine having your entire
internal LDAP-based directory available for download because you didn't
validate your extranet query form appropriately.
It's an easy thing to overlook, but a horrible thing to discover.
Paul Cotter
~nodisc.
> -----Original Message-----
> From: mythtv-users-bounces at mythtv.org
> [mailto:mythtv-users-bounces at mythtv.org] On Behalf Of Chris Petersen
> Sent: Monday, August 16, 2004 10:28 AM
> To: Discussion about mythtv
> Subject: Re: [mythtv-users] Hacked?
>
> > Interesting. I always assumed it was my MySQL set up not exactly
> > having the most robust security.
>
> MySQL is generally pretty secure (as long as admins remember
> to change the default password away from ''). Unfortunately,
> there are MANY developers who send raw user input to it. The
> simple good practice of quoting and escaping all user input
> would prevent this kind of exploit.
>
> (sorry, this is a pet peeve and I feel I have to rant about
> it -- too many otherwise-great web coders seem to miss this
> point all too often)
>
> -Chris
>
>
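Added example, not part of either poster's message: the LDAP case raised above, showing a query form field concatenated raw into a search filter beside the same filter built with RFC 4515 escaping and an allow-list check. The objectClass/uid filter shape, the allow-list pattern and the function names are assumptions made for illustration; the sample inputs are constructed.

```python
import re

# RFC 4515: these characters must appear as \XX hex escapes inside a
# filter assertion value, otherwise they act as filter syntax.
_LDAP_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# Assumed policy for a hypothetical extranet "look up a user" form field.
_ALLOWED_UID = re.compile(r"[A-Za-z0-9._-]{1,64}")


def escape_filter_value(value: str) -> str:
    """Escape one string for use as an LDAP filter assertion value."""
    # Character-by-character mapping, so a backslash is never escaped twice.
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def naive_filter(uid: str) -> str:
    """Raw form input concatenated into the filter (the overlooked case)."""
    return "(&(objectClass=person)(uid=" + uid + "))"


def escaped_filter(uid: str) -> str:
    """Same filter, with the value escaped so it can only be data."""
    return "(&(objectClass=person)(uid=" + escape_filter_value(uid) + "))"


def validated_filter(uid: str) -> str:
    """Reject input outside the allow-list, then escape anyway."""
    if not _ALLOWED_UID.fullmatch(uid):
        raise ValueError("uid contains characters the form does not accept")
    return escaped_filter(uid)


if __name__ == "__main__":
    # Constructed inputs: an ordinary value and a bare wildcard.
    for sample in ("pcotter", "*"):
        print("input   :", repr(sample))
        print("naive   :", naive_filter(sample))    # "*" becomes a presence match
        print("escaped :", escaped_filter(sample))  # "*" stays a literal character
        try:
            print("checked :", validated_filter(sample))
        except ValueError as exc:
            print("checked : rejected,", exc)
```

With the naive builder a bare `*` yields `(uid=*)`, a presence match on every person entry; escaped, it matches only an entry whose uid is literally an asterisk, and the allow-list rejects it before any query is built.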