|
> From: Himes, Jay > > I do agree that poor programming in the language of choice is at fault; > but > I think you would be surprised a how prevalent examples of this > vulnerability are. Additionally it is not confined to machines running asp > or with a particular authentication scheme nor do most monitoring tools > provide any indication that you have been "hacked" as long as no damage is > done. I'm in complete agreement, Jay. There are really two classes of vulnerabilities: platform-specific vulnerabilities and platform-neutral vulnerabilities. Platform-specific issues like the many Windows-specific email viruses and the multitude of IIS vulnerabilities are OS-specific issues. SQL injection is not one of those, per se. Walden was perfectly correct in taking exception to any implication that ASP was the base culprit here; as you both point out, code this bad COULD be written in other languages. But my point still remains that the Microsoft mentality - shipping code that barely works, much less has been through any sort of security and quality testing - is one of the prevailing negative trends in our industry. Joe
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
