Displaying 3 results from an estimated 3 matches for "magic_quot".
2006 Jan 31
19
Best Practices: Escaping text on input or output?
In web applications that have user-generated content, it is clearly
necessary to provide some ability to 'escape' user-generated text to
avoid SQL injection, XSS, and other nasty attacks. The existing dogma
on this point seems to favor escaping text as it comes out of the
database, rather than doing it on the way in.
I'm not sure that I understand the logic behind
2006 May 24
0
ActiveRecord::Base.sanitize_sql and SQL injection vulnerability.
...ast modify them to use the SQL-standard doubling ('') to
escape quotes.'
In particular, the vulnerability relates to applications that 'use
ad-hoc methods to "escape" strings going into the database, such as
regexes, or PHP3's addslashes() and magic_quotes. Since these bypass
database-specific code for safe handling of strings, many such
applications will need to be re-written to become secure.'
Since this is not my field, I'm asking here: how does the above relate
to Rails' built-in SQL sanitizing feature[3]? Should ap...
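The two excerpts above raise the same pair of questions: why hand-rolled escaping such as addslashes() fails where SQL-standard quote doubling or driver-bound parameters do not, and why escaping belongs at the output boundary rather than on the way into the database. The following is an added illustration of both points, not code from the thread, from Rails, or from ActiveRecord::Base.sanitize_sql; it uses Python with an in-memory SQLite database (SQLite follows the SQL standard, so a backslash inside a string literal is an ordinary character), a Python reimplementation of PHP's addslashes() behaviour, and a constructed users table. The names lookup_concat, lookup_param, query_fails, render_html_item and store_and_render are this example's own.

```python
import html
import sqlite3

# Constructed sample rows for the demonstration; not data from the original thread.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def addslashes(s):
    """Mimics PHP's addslashes(): backslash before quotes and backslashes.
    This is the kind of ad-hoc escaping the quoted advisory warns about."""
    return s.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def sql_double_quotes(s):
    """SQL-standard escaping: a single quote inside a literal is written as ''."""
    return s.replace("'", "''")


def fresh_db():
    """In-memory SQLite database holding the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_concat(conn, name, escape):
    """Vulnerable pattern: escape by hand, then paste the text into the query.
    Results are sorted so the outcome does not depend on scan order."""
    query = "SELECT name FROM users WHERE name = '%s'" % escape(name)
    return sorted(row[0] for row in conn.execute(query))


def lookup_param(conn, name):
    """Correct pattern: the driver binds the value; the application never escapes."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def query_fails(conn, name, escape):
    """True if the hand-escaped query is rejected by the database as malformed."""
    try:
        lookup_concat(conn, name, escape)
    except sqlite3.OperationalError:
        return True
    return False


def render_html_item(name):
    """Escape for the HTML context at output time. The stored value stays raw, so
    the same row can also be emitted safely into JSON, logs or plain text."""
    return "<li>%s</li>" % html.escape(name, quote=True)


def store_and_render(conn, name):
    """Store user text unescaped via a bound parameter, then escape on output."""
    conn.execute("INSERT INTO users VALUES (?, ?)", (name, ""))
    stored = conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchone()[0]
    return stored, render_html_item(stored)


if __name__ == "__main__":
    db = fresh_db()
    attack = "' OR 1=1 --"
    # addslashes() turns the leading quote into \' which SQLite does not treat as
    # an escape: the literal closes early and "OR 1=1 --" becomes live SQL.
    print("addslashes :", lookup_concat(db, attack, addslashes))        # ['alice', 'bob']
    print("doubling   :", lookup_concat(db, attack, sql_double_quotes))  # []
    print("parameter  :", lookup_param(db, attack))                      # []
    # Even benign input breaks under addslashes(): "it's" becomes 'it\'s', malformed SQL.
    print("it's fails :", query_fails(db, "it's", addslashes))           # True
    print(store_and_render(db, "<script>alert(1)</script>")[1])
```

The addslashes() case shows why the advisory says such applications must be rewritten rather than patched: the escaping is correct only for a database whose string syntax treats backslash as an escape, so the same code is injectable on one backend and produces syntax errors on another. Bound parameters sidestep the question entirely, and keeping the stored text raw is what makes output-time, context-specific escaping (here html.escape) possible.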
2007 Nov 12
11
Various FreeBSD bits...
I just drudged through a bit of the archives and see a few FreeBSD bits
floating in there that are of some value, but aren't on the wiki. I
posted a few bits on the wiki regarding some FreeBSD cobbling that
I've done recently and hope that folk find it of use (and start
posting their useful bits there as well).
http://reductivelabs.com/trac/puppet/wiki/PuppetFreeBSD
The