New "firewall" added

I've just launched some new code onto the site that will, hopefully, keep the SQL Injectors from damaging the site. What I've done is placed some code at the top of every page that examines each piece of data that is sent to the website server. There are specific key words and characters that the "scrubber" or "firewall" catches. Those are the pieces of the SQL Injector code that are readily identifiable.

Unfortunately, for the time being this new code is going to cause a lot of "false positive" rejections. You may accidentally enter one of the more common characters that is in the script. I'd tell you what they are, but then I wouldn't be able to post this. :) How about 1337 speak: 3x3cut3 is a bad word.

There will also be some scripts that just fail because of the coding in them.

As I confirm that scripts are not subject to any vulnerabilities, I will dumb down the scrubber or take it off of the script completely. I will start with the most common scripts, like the news and comments. It will take some time to work through them. But, I get a notification every time the firewall picks up bad input, so I can tell easily what needs to be fixed.

Since I launched the code 3 hours ago, it's already rejected 7 SQL Injector attacks.

Jac
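The false positives described in the post, as an added example that is not the site's code: a keyword scrubber rejects ordinary comments, while the same input stored through bound parameters is handled as plain data. The blocklist, table layout, function names and sample submissions are all assumptions constructed for illustration; the post names only one rejected word.

```python
import re
import sqlite3

# Assumed blocklist; the post confirms only that "execute" is caught.
BLOCKED = re.compile(r"execute|select|drop|--|;|'", re.IGNORECASE)

def scrub(fields):
    """Return the names of submitted fields the keyword scrubber would reject."""
    return [name for name, value in fields.items() if BLOCKED.search(value)]

def save_comment(db, author, body):
    """Store a comment with bound parameters; input is never spliced into the SQL text."""
    db.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))

def load_comments(db, author):
    """Look up comments by author, again passing the value as a bound parameter."""
    rows = db.execute("SELECT body FROM comments WHERE author = ?", (author,))
    return [r[0] for r in rows]

def demo():
    # Constructed sample submissions: ordinary comments, no attack content.
    submissions = [
        {"author": "O'Brien", "body": "Nice work!"},
        {"author": "guest", "body": "Did the script execute on time; or not?"},
        {"author": "guest2", "body": "Thanks for keeping this place running."},
    ]
    # What the scrubber would bounce: two of three harmless posts.
    rejected = [scrub(s) for s in submissions]

    # The same submissions go through a parameterized insert unchanged.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    for s in submissions:
        save_comment(db, s["author"], s["body"])
    stored = load_comments(db, "O'Brien")
    return rejected, stored

if __name__ == "__main__":
    rejected, stored = demo()
    print("fields rejected per submission:", rejected)
    print("stored for O'Brien via bound parameters:", stored)
```

A script whose queries are all written this way is one that has been confirmed and can have the scrubber relaxed or removed, as the post plans.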

Jac ftw

poignant yet witty comment here

Nice work, Jac! Thanks for all the work you've done.

I will rip off the heads of the SQL injectors and shit on their souls

Sklib, you really need to get out more :P

Great to see the site up. Excellent work Jac.

Jac, you are El Macho. For those of you that don't know about SQL and injections and the like, it's not easy at all to catch these sorts of things. Literally every bit of input that comes into the site needs to be scrubbed down and checked, which is a hassle and a half for something this big.

Hope you get a GLS out of this, big guy. You're my hero for the week. ;)

On the other hand, I agree with Skilb's remarks!

Cut off their vile reproductive organs and feed them to the squirrels!

All Hail JAC! Nice work big guy. Thanks for keeping this place running.

Nice Job Jack. :D

your the man!

His the man?

Lesbians use SQL injectors to get pregnant. Spoilers.

Sweetness Jac, new words must be invented to describe you

What like "Jactastic". So it's like: Jac's Jactastic. ;)

Thanks for all your hard work, and that of your helpers. It is much appreciated by all of us.

if i ever become a compsec warrior, i'll make sure to thank jac.
