Cannot edit a review and forum on mobile site bug

Encounter an error, or something which isn't working correctly? Please, let us know
mpowell
Posts: 3851
1201 Ratings
Your TCI: na
Joined: Fri Sep 09, 2005 10:22 am

Re: Cannot edit a review and forum on mobile site bug

Post by mpowell »

Without getting too far into the details, there are people who attempt to inject SQL into the URL request. We protect against this on the back end, but other sites might not. So the idea is to make a request like: "http://www.example.com/?site=;select password from registered_users;drop table important_table"

The rules implemented on our server look out for important keywords that are often used in such attacks, and ban those requests. The problem is that sometimes those requests are benign. ("Drop", for example, being a common word.)

Post Reply