How do I protect myself?
- by ved
I was poking around at my work computer this evening and was looking at my timesheets. I noticed that all my timesheets had variables in the URLs and I could figure out the numbering scheme for the pages. Then I got a little curious about SQL injection and thought of trying out adding simple SQL injections like "OR 1=1" etc. to see how protected we really were with our timesheet info.
One of these strings yielded a friendly error page saying that an error email was sent to the developer. I am concerned that my ID and request will be seen by the developer, immediately recognized as SQL injection, and will be reported to the network security officer as a malicious attempt by an employee to hack the timesheet DB.
What is my defense? I am really worried.