Re: [opennms-devel] Be on the lookout for code that allows SQL injection

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Aug 18, 2009, at 7:25 PM, DJ Gregor wrote:

> Lastly, we might want to make a parameterization-friendly version of
> Querier to make it easier to upgrade old SQL queries in an SQL
> injection-resistant manner.

Great idea. While there should be little danger to a network posed by  
owning an OpenNMS server, the latest arrest on the 130 million credit  
card number scheme showed that SQL injections are a) pretty common and  
b) pretty powerful.

We want to avoid them, of course.

-T

_______________________________________________________________________
Tarus Balog, OpenNMS Maintainer             Main:   +1 919 533 0160
The OpenNMS Group, Inc.                     Fax:    +1 773 345 3645
Email: ta...@op...                    URL: http://www.opennms.org
PGP Key Fingerprint: 8945 8521 9771 FEC9 5481  512B FECA 11D2 FD82 B45C

Re: [opennms-devel] Be on the lookout for code that allows SQL injection

A Java based fault and performance management system

Re: [opennms-devel] Be on the lookout for code that allows SQL injection