


I guess Cyndi is using a scripting language like PHP.

If you monitor SQL statements using, let's say, QIBM_QZDA_SQL1, you can take some action with a small CL program. It's not easy, I know, but she wants to monitor just 1 user.

But... SQL Injection is based on putting special characters and/or SQL code in your input variables, so when the program concatenates the strings, this does something unwanted by the programmer.

Usually you scan your program running in your specific application server and/or web server looking for holes with a scan tool.

I agree, she needs a powerful tool. I guess HelpSystems owns a tool for that...

Regards

Diego E. KESSELMAN


On 07/08/17 at 11:20, Rob Berendt wrote:

Which "exit point" is the web application?
Does the fact that you use an sql update in your web application
automatically activate another exit point?
For example, if I have a batch RPG application, and that application has
an sql statement in it which performs an update, would that automatically
use one of the other exit points on the system?

IOW, would an exit point really work for this situation?

While I agree there are some standard coding techniques to minimize the
exposure to SQL injection threats perhaps she's looking at a defense in
depth kind of thing.

Rob Berendt
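
An added example, not part of the original thread: the concatenation problem described above, next to a bound-parameter version and a per-user statement-shape check of the kind a statement monitor could apply. It assumes Python's sqlite3 as a stand-in database; the table, the user name WEBUSER and all inputs are constructed, and the exit program interface for QIBM_QZDA_SQL1 is not modeled.

```python
import re
import sqlite3

def make_db():
    """Constructed sample table (hypothetical names), in memory only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, status TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [(1, "open"), (2, "open"), (3, "open")])
    return db

def update_concat(db, order_id):
    """Vulnerable form: the input is concatenated into the statement text."""
    sql = "UPDATE orders SET status = 'closed' WHERE id = " + order_id
    return sql, db.execute(sql).rowcount

def update_bound(db, order_id):
    """Hardened form: the input travels as a parameter, the text is fixed."""
    sql = "UPDATE orders SET status = 'closed' WHERE id = ?"
    return sql, db.execute(sql, (order_id,)).rowcount

def shape(sql):
    """Reduce a statement to its structure by replacing literals with '?'."""
    sql = re.sub(r"'(?:[^']|'')*'", "?", sql)   # string literals
    sql = re.sub(r"\b\d+\b", "?", sql)          # numeric literals
    return re.sub(r"\s+", " ", sql).strip().upper()

def monitor(user, sql, watched_user, known_shapes):
    """True when the single watched user runs a statement of unknown shape."""
    return user == watched_user and shape(sql) not in known_shapes

if __name__ == "__main__":
    # Baseline: the shape the application is expected to send.
    known = {shape(update_concat(make_db(), "2")[0])}
    for value in ("2", "2 OR 1=1"):             # constructed inputs
        sql, rows = update_concat(make_db(), value)
        print(rows, monitor("WEBUSER", sql, "WEBUSER", known), sql)
    sql, rows = update_bound(make_db(), "2 OR 1=1")
    print(rows, monitor("WEBUSER", sql, "WEBUSER", known), sql)
```

With the concatenated form the extra condition becomes part of the statement and every row is updated, which is also what changes the statement's shape; with the bound parameter the same input is compared as a value and matches no row.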



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
