November 16th release for Web-based Character Builder
<blockquote data-quote="UngainlyTitan" data-source="post: 5369163" data-attributes="member: 28487"><p>Generally uploaded data is passed to the database. It is inserted into the database in the final step using a database language called SQL (Structured Query Language) and this is usually the place the system is most vulnerable. If you can persuade the database update component to run a piece of SQL that you have passed to it, you can do a lot of damage. This is called a SQL Injection attack. Now it is possible that SQL injection attacks are possible in the CB, it is a common enough vulnerability. All data to any database should be checked to ensure that none of it can execute as SQL commands and that any possible commands are sanitised so that they are treated as plain text and not as special commands.</p><p> </p><p>A virus is normally a binary executable that hides in another file. In the case of the CB such data would be invalid or if valid (a picture, for instance) have no effect on the server since once in the database it would sit there inert without access to the underlying OS. </p><p> </p><p>Viruses usually need access to the OS and usually need privileged accounts which is why a lot of modern malware exploits the user in order to get permission to run.</p></blockquote><p></p>
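The difference the post describes between uploaded text that runs as SQL and uploaded text that is stored as plain data, as an added example that is not part of the original post and is not the Character Builder's code. The `characters` table, the function names and the sample values are hypothetical, and Python's built-in `sqlite3` with an in-memory database stands in for the real backend.

```python
import sqlite3

# Constructed sample upload: a character name that carries SQL syntax.
HOSTILE_NAME = "x'), ('alice', 'Planted"

def new_db():
    # Hypothetical schema: one existing character owned by alice.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE characters (owner TEXT, name TEXT, portrait BLOB)")
    db.execute("INSERT INTO characters (owner, name) VALUES ('alice', 'Tordek')")
    return db

def save_concatenated(db, owner, name):
    # Vulnerable: the uploaded text becomes part of the SQL statement itself.
    db.execute(f"INSERT INTO characters (owner, name) VALUES ('{owner}', '{name}')")

def save_parameterized(db, owner, name, portrait=None):
    # Hardened: the statement text is fixed and the values are bound as data.
    db.execute(
        "INSERT INTO characters (owner, name, portrait) VALUES (?, ?, ?)",
        (owner, name, portrait),
    )

def names_owned_by(db, owner):
    rows = db.execute(
        "SELECT name FROM characters WHERE owner = ? ORDER BY rowid", (owner,)
    )
    return [r[0] for r in rows]

def demo():
    unsafe, safe = new_db(), new_db()
    save_concatenated(unsafe, "bob", HOSTILE_NAME)
    # Constructed bytes standing in for an uploaded binary file.
    save_parameterized(safe, "bob", HOSTILE_NAME, portrait=b"MZ\x90\x00")
    blob = safe.execute(
        "SELECT portrait FROM characters WHERE owner = ?", ("bob",)
    ).fetchone()[0]
    return {
        "unsafe_alice": names_owned_by(unsafe, "alice"),  # bob's upload wrote a row for alice
        "safe_alice": names_owned_by(safe, "alice"),      # alice's data untouched
        "safe_bob": names_owned_by(safe, "bob"),          # name stored verbatim as text
        "blob": blob,                                     # bytes stored and returned, never run
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With the concatenated statement, the quote characters in the name end the string early and the rest is parsed as SQL; with bound parameters the same bytes are only ever a value.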