
Simon Willison’s Weblog

How one site dealt with SQL injection attack (via) Horrifying story of developer incompetence from Autoweb: “The contractor had no idea how to find and fix the Web page vulnerability that allowed the SQL injection attack code to execute successfully.”

2 comments

  1. Not sure how this counts as incompetence, they had clearly contacted the wrong type of contractor. It happens. At least he was honest enough to tell them to find someone else.

    Noah Slater - 3rd May 2008 14:36 - #

  2. I should have posted a bit more context; that's the contractor that built the site in the first place.

    Simon Willison - 3rd May 2008 15:31 - #
