src/docs/flavor/things_you_should_do_now.diviner
Of course, the real solution here is to not have SQL injection holes in your | Of course, the real solution here is to not have SQL injection holes in your | ||||
application, ever. As far as I'm aware, this system correctly detected the one | application, ever. As far as I'm aware, this system correctly detected the one | ||||
SQL injection hole we had from mid-2008 until I left in 2011, which was in a | SQL injection hole we had from mid-2008 until I left in 2011, which was in a | ||||
hackathon project on an underisolated semi-production tier and didn't use the | hackathon project on an underisolated semi-production tier and didn't use the | ||||
query escaping system the rest of the application does. | query escaping system the rest of the application does. | ||||
Hopefully, whatever language you're writing in has good query libraries that | Hopefully, whatever language you're writing in has good query libraries that | ||||
can handle escaping for you. If so, use them. If you're using PHP and don't have | can handle escaping for you. If so, use them. If you're using PHP and don't have | ||||
a solution in place yet, the Phabricator implementation of `qsprintf()` is | a solution in place yet, the Phorge implementation of `qsprintf()` is | ||||
similar to Facebook's system and was successful there. | similar to Facebook's system and was successful there. |
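Review bot: the Phabricator → Phorge substitution in the `qsprintf()` attribution is correct as scoped, and the hunk rightly leaves the surrounding first-person Facebook history ("until I left in 2011", "was successful there") untouched, since that text describes the original deployment rather than the fork. The substantive advice (use a query library that handles escaping for you, and reach for `qsprintf()` in PHP if you have nothing in place) is unchanged by the rename. The view collapses 128 lines of this file above the hunk, so please confirm that any other "Phabricator" references in the rest of the document received the same rename, otherwise the page will name the project inconsistently.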