Without getting too far into the details, there are people who attempt to inject SQL into the URL request. We protect against this on the back end, but other sites might not. So the idea is to make a request like: "http://www.example.com/?site=;select password from registered_users;drop table important_table"
The rules implemented on our server look out for important keywords that are often used in such attacks, and ban those requests. The problem is that sometimes those requests are benign. ("Drop", for example, being a common word.)
Cannot edit a review and forum on mobile site bug
- mpowell
- Posts: 3851
- 1201 Ratings
- Your TCI: na
- Joined: Fri Sep 09, 2005 10:22 am