History of Security

Differences from version 4 to 6



@@ -18,7 +18,7 @@

 
 
 !! SQL injection
-A malicious user might try to inject code into the SQL database (Postgres, MySQL etc). Each database engine requires a different version of an attack to present viable SQL. Invalid SQL will result in an error report to the administrator. A 'White Screen', claiming that you are running Bitweaver in test mode, is only returned when the parameter -+IS_LIVE+- set to -+TRUE+- in kernel/config_inc.php. Sites being in production are expected to have set this to -+FALSE+-, while error reports are directed to appropriate error log files.
+A malicious user might try to inject code into the SQL database (Postgres, MySQL etc). Each database engine requires a different version of an attack to present viable SQL. Invalid SQL will result in an error report to the administrator. A 'White Screen', claiming that you are running Bitweaver in test mode, is only returned when the parameter -+IS_LIVE+- set to -+FALSE+- in kernel/config_inc.php. Sites being in production are expected to have set this to -+TRUE+-, while error reports are directed to appropriate error log files.
 
 In the past, some of Bitweaver's search functions allowed the inclusion of additional SQL -+WHERE+- clauses. This was not database agnostic and has been replaced. Now, additional search options build the SQL internally, preventing any possible injection attack.
 
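Review bot: the '+' line corrects the inverted IS_LIVE polarity (the test-mode 'White Screen' appears when -+IS_LIVE+- is -+FALSE+-, and production sites set it to -+TRUE+-), but it carries over the grammatical slip "the parameter -+IS_LIVE+- set to"; it should read "is set to". The following sentence would also read more cleanly as "Production sites are expected to set this to -+TRUE+-, so that error reports go to the appropriate error log files instead."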
Page History

Date/Comment              User            IP             Version
13 Feb 2010 (19:57 UTC)   laetzer         85.178.0.170   6 (current)
  added alias
                          Benjamin Couhe  80.4.75.27     5
                          laetzer         141.20.150.43  4
                          laetzer         141.20.150.43  3
                          laetzer         85.178.63.167  2
                          laetzer         85.178.3.165   1