How do I protect myself?

Posted by ved on Stack Overflow
Published on 2010-03-26T23:42:06Z

I was poking around at my work computer this evening and was looking at my timesheets. I noticed that all my timesheets had variables in the URLs and I could figure out the numbering scheme for the pages. Then I got a little curious about SQL injection and thought of trying out adding simple SQL injections like "OR 1=1" etc. to see how protected we really were with our timesheet info.

One of these strings yielded a friendly error page saying that an error email was sent to the developer. I am concerned that my ID and request will be seen by the developer, immediately recognized as SQL injection, and reported to the network security officer as a malicious attempt by an employee to hack the timesheet DB.

What is my defense? I am really worried.

© Stack Overflow or respective owner