Re: [fw-wiz] Application-level Attacks
From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 01/29/05
- Previous message: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Maybe in reply to: Crispin Cowan: "[fw-wiz] Application-level Attacks"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Reply: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Paul D. Robertson" <paul@compuwar.net> Date: Sat, 29 Jan 2005 10:47:27 -0500
Paul D. Robertson wrote:
>Hmmm, but an SQL injection attack isn't really a protocol issue- it's an
>unexpected input issue-
It's an application-specific flaw in the application accepting the input,
unless I really misunderstand how SQL injection works.
If the thing that is broken is an "application" then attacks against
that break are "application attacks" no?
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Maybe in reply to: Crispin Cowan: "[fw-wiz] Application-level Attacks"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Reply: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
