On Mon, Mar 03, 2008 at 09:06:43AM +0200, Dotan Cohen wrote: > On 03/03/2008, Andrew Sackville-West <andrew@farwestbilliards.com> wrote: > > > sql injections are 'data' trying to be executable, aren't they? I know > > that generally folks aren't trying to "open" sql "attachements" > > (whatever the hell that might mean) from mutt... > > No, SQL injection is 'data' trying to run unauthorized queries on the database: > http://what-is-what.com/what_is/sql_injection.html for some definition of executable. It's data doing something besides just sitting there being data, but it's a semantic point. I think we're in agreement that lack of root access only an impediment, not a preventative. A
Attachment:
signature.asc
Description: Digital signature