How do I protect myself?
Posted by ved on Stack Overflow
Published on 2010-03-26T23:42:06Z
Indexed on 2010/03/26 23:53 UTC
I was poking around at my work computer this evening and was looking at my timesheets. I noticed that all my timesheets had variables in the URLs and I could figure out the numbering scheme for the pages. Then I got a little curious about SQL injection and thought of trying out adding simple SQL injections like "OR 1=1" etc. to see how protected we really were with our timesheet info.
One of these strings yielded a friendly error page saying that an error email was sent to the developer. I am concerned that my ID and request will be seen by the developer, immediately recognized as SQL injection, and reported to the network security officer as a malicious attempt by an employee to hack the timesheet DB.
What is my defense? I am really worried.
© Stack Overflow or respective owner