From: Borislav Borissov (Sofia, Bulgaria)
To: Eric den Doop (Houten, Netherlands)
Subject: RE: Is SEARCH working?
Thread ID: 189352 Message ID: 189391 # Views: 1 # Ratings: 0
Version: Not Applicable Category: Foxite: feedback
Date: Thursday, August 14, 2008 6:15:22 PM         
   


> > Thanks. Interesting, why is my name "rubinov" also blocked? Is this word also used by SQL injection bots?
>
> yes, and many others too.
>
> What these guys do is they send a request to the search engine (for example rubinov), followed by an SQL injection script which will always fail on my system anyway.
>
> But since their requests come in many times per minute, they are taking resources away because the search request for rubinov is still executed. Until I know a good way to protect the site against these losers, the keywords are blocked.
> --
> Eric den Doop
> www.foxite.com - The Home Of The Visual FoxPro Experts

Why not refuse the whole query if an injection attack is involved in the query?

-----------------
Borislav Borissov

Against Stupidity the Gods themselves Contend in Vain - Johann Christoph Friedrich von Schiller
The only thing normal about database guys is their tables.
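
An added example, not part of the original posts and not the site's own code: a sketch of the "refuse the whole query" idea, where a request whose term carries SQL syntax is rejected before any search runs, while the bare name still searches normally. The regex, the length limit, the table layout and the sample rows are assumptions constructed for illustration; the bound parameter is what stops the injection, and the pattern check only sheds the load.

```python
import re
import sqlite3

MAX_TERM_LEN = 100  # assumed limit; real search terms are short

# Heuristic: SQL syntax glued onto a term (statement separator plus keyword,
# quote plus boolean/UNION, trailing comment). Bare words such as "select"
# stay searchable, which matters on a database forum.
INJECTION = re.compile(
    r"""(;\s*(declare|exec|execute|set|drop|insert|update|delete|select)\b
        |'\s*(or|and|union)\b
        |\bunion\s+(all\s+)?select\b
        |--\s*$
        |/\*)""",
    re.IGNORECASE | re.VERBOSE,
)

def is_injection_attempt(term):
    return len(term) > MAX_TERM_LEN or bool(INJECTION.search(term))

def make_demo_db():
    """In-memory table with constructed rows standing in for the forum index."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (author TEXT, subject TEXT)")
    conn.executemany("INSERT INTO messages VALUES (?, ?)", [
        ("Yuri Rubinov", "Is SEARCH working?"),
        ("Some Poster", "SQL select statement question"),
    ])
    return conn

def search(conn, term, stats):
    """Return matching subjects, or None if the request was refused outright."""
    if is_injection_attempt(term):
        stats["refused"] += 1   # caller would answer 400; no search is run
        return None
    stats["executed"] += 1
    rows = conn.execute(
        "SELECT subject FROM messages "
        "WHERE instr(lower(author || ' ' || subject), lower(?)) > 0",
        (term,),                # bound parameter, never string concatenation
    )
    return [subject for (subject,) in rows]

if __name__ == "__main__":
    conn, stats = make_demo_db(), {"refused": 0, "executed": 0}
    for term in ["rubinov", "select statement", "rubinov'; DROP TABLE messages--"]:
        print(repr(term), "->", search(conn, term, stats))
    print(stats)
```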

ENTIRE THREAD

Is SEARCH working? Posted by Yuri Rubinov @ 8/14/2008 2:39:25 PM
RE: Is SEARCH working? Posted by Eric den Doop @ 8/14/2008 4:14:08 PM
RE: Is SEARCH working? Posted by Yuri Rubinov @ 8/14/2008 5:05:24 PM
RE: Is SEARCH working? Posted by Borislav Borissov @ 8/14/2008 5:17:33 PM
RE: Is SEARCH working? Posted by Eric den Doop @ 8/14/2008 6:04:20 PM
RE: Is SEARCH working? Posted by Borislav Borissov @ 8/14/2008 6:15:22 PM
RE: Is SEARCH working? Posted by Eric den Doop @ 8/14/2008 7:36:45 PM
RE: Is SEARCH working? Posted by Borislav Borissov @ 8/14/2008 8:45:01 PM
RE: Is SEARCH working? Posted by Eric den Doop @ 8/14/2008 9:41:43 PM