by SkyPuncher 1120 days ago
The headline got me, but the paper lost me.

Isn't this saying what most people already knew - user content should never be trusted?

These attacks are no different than old school SQL injection attacks when people didn't understand the importance of escaping. Even if a user can't do SQL injection directly, they can get data stored that's injected into some other system. Much harder to pull off, but the exact same concept.

1 comment

The difference is that escaping SQL inputs is very easy. For prompt injection there is no way to apply the same principle.
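
The stored-injection case and the "escaping is easy" point from the thread above, as an added example that is not part of either comment: a value is stored safely, then reused by a second query, once spliced into the SQL text and once passed as a bound parameter. The schema, names and data are constructed for illustration.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE orders (owner TEXT, item TEXT)")
    # Constructed sample data. The second name is user-chosen content; it is
    # stored without incident because this INSERT uses bound parameters.
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("x' OR '1'='1",)])
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [("alice", "laptop"), ("bob", "phone")])
    return db

def stored_name(db, user_id):
    row = db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0]

def orders_concat(db, user_id):
    # Vulnerable: the name came out of our own database, so it looks trusted,
    # but it is still user content and becomes part of the SQL text.
    name = stored_name(db, user_id)
    sql = "SELECT item FROM orders WHERE owner = '" + name + "' ORDER BY item"
    return [r[0] for r in db.execute(sql)]

def orders_bound(db, user_id):
    # Hardened: the SQL text is fixed and the name travels in a separate
    # channel, so the driver can only ever treat it as a value.
    name = stored_name(db, user_id)
    sql = "SELECT item FROM orders WHERE owner = ? ORDER BY item"
    return [r[0] for r in db.execute(sql, (name,))]

if __name__ == "__main__":
    db = make_db()
    for uid in (1, 2):
        print(uid, "concat:", orders_concat(db, uid), "bound:", orders_bound(db, uid))
```

The bound version works because SQL drivers give code and data separate channels; a prompt assembled from instructions plus user text has only one, which is the gap the reply points at.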