„Leyrers Online Pamphlet“ is the personal website of me, Martin m³ Leyrer. The posts published here reflect my ideas, my interests, my humour and occasionally also my life.
The postings on this site are my own and do not represent the positions, strategies or opinions of any former, current or future employer of mine.
What 20 Mio. Euros apparently can't buy ...
… is a database that’s immune to SQL injection attacks.
The European Telecommunications Standards Institute (ETSI) is a standardization organization of the telecommunications industry (equipment makers and network operators) in Europe, with worldwide reach. ETSI has been successful in standardizing the GSM cell phone system and the TETRA professional mobile radio system. Several standards regarding data retention were also developed by ETSI. According to Wikipedia, ETSI had a budget of over 20 Mio. Euros in 2005.
Apparently, that was not enough money to secure the database/application against SQL injection attacks. Try http://www.etsi.org/Application/Search/?search=’ and you get:
Nice to see that Microsoft's „Security Initiative” reached the well-educated .NET programmers at ETSI.
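The bug class the post is about, as an added example that is neither ETSI's code nor part of the original post: a search handler that pastes the `search` parameter into SQL text, beside the parameterized version that treats it as data. The `Documents` table, the `Title` column, the parameter size and the method names are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical ASP.NET site-search backend (example code, not ETSI's).
public static class SiteSearch
{
    // VULNERABLE: the user-supplied term becomes part of the SQL statement.
    // A single quote in the term changes the statement's structure, so the
    // database answers with a syntax error (or executes something else) instead
    // of returning results; with detailed errors enabled, the page then leaks it.
    public static DataTable SearchUnsafe(SqlConnection conn, string term)
    {
        string sql = "SELECT Title FROM Documents WHERE Title LIKE '%" + term + "%'";
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }

    // FIXED: the term travels as a typed parameter, never as SQL text.
    // Quotes, semicolons and comment markers in the input are just characters.
    public static DataTable SearchSafe(SqlConnection conn, string term)
    {
        const string sql = "SELECT Title FROM Documents WHERE Title LIKE @pattern";
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            // Escape LIKE wildcards too, so "%" or "_" in the input cannot widen
            // the search; "[" must be handled first because it is the escape bracket.
            string escaped = term.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
            cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 200).Value = "%" + escaped + "%";
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }
}
```

Independently of the query fix, leaving `<customErrors mode="RemoteOnly">` (the ASP.NET default) or `mode="On"` in web.config keeps a failing query from showing the exception page to remote users.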
Tagged as: etsi, injection, rant, security, sql | Author: Martin Leyrer
Sunday, 20080127, 22:49 | permanent link | 2 comment(s)
By default, the debug parameter for detailed error messages is even set to false (at least that used to be the case in ASP.NET; you only get the standard ASP.NET error, which should of course also be replaced by a friendly message...), but if something like that is forgotten at go-live, it is usually all too late anyway, and the app would hardly have turned out better on PHP... :)
Yup, PHP wouldn't have saved them there either.
But I would have assumed that ETSI's contractors employ programmers who have read the MS Press book "Writing Secure Code, Second Edition" by Michael Howard and David LeBlanc.