PEPPLER.ORG
Michael Peppler
Sybase Consulting

sybperl-l Archive


From: "Avis, Ed" <avised at kbcfp dot com>
Subject: RE: Interesting case of SQL Injection
Date: Dec 5 2003 4:05PM

If DBD::Sybase wants to use NUL-terminated strings it should certainly
produce a warning (or even an exception) when you try to bind a string
with embedded NUL to a placeholder; silently truncating the string is
not good.

(My feeling is that if at all possible strings should go through
untouched, NULs and all.  But if you do want to truncate them, at
least do so noisily.)

-- 
Ed Avis
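
The "truncate noisily, or not at all" behaviour asked for above can be enforced on the caller's side. The following is an added example, not code from this post or from DBD::Sybase: `check_bind_values`, `execute_checked` and `c_string_view` are hypothetical helper names, and the sample values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Carp qw(croak);

# Hypothetical helper (not part of DBI or DBD::Sybase): refuse any bind
# value that contains a NUL byte instead of letting it be cut short.
sub check_bind_values {
    my @values = @_;
    for my $i (0 .. $#values) {
        my $v = $values[$i];
        next unless defined $v;      # undef binds as SQL NULL, which is fine
        my $pos = index($v, "\0");
        next if $pos < 0;
        croak sprintf(
            "bind value %d contains NUL at offset %d (length %d); refusing to bind",
            $i + 1, $pos, length($v));
    }
    return @values;
}

# Hypothetical wrapper: validate first, then call the real DBI execute().
sub execute_checked {
    my ($sth, @values) = @_;
    return $sth->execute(check_bind_values(@values));
}

# Simulation only: what a NUL-terminated C string view of the value keeps.
sub c_string_view {
    my ($v) = @_;
    my $pos = index($v, "\0");
    return $pos < 0 ? $v : substr($v, 0, $pos);
}

# Constructed sample values; no database connection is needed for this part.
my @samples = ("plain value", "before\0after");
for my $s (@samples) {
    (my $shown = $s) =~ s/\0/\\0/g;  # make the NUL visible when printing
    printf "value '%s': a NUL-terminated copy keeps %d of %d bytes\n",
        $shown, length(c_string_view($s)), length($s);
    my $ok = eval { check_bind_values($s); 1 };
    print $ok ? "  accepted\n" : "  rejected: $@";
}
```

In application code, calling `execute_checked($sth, @params)` in place of `$sth->execute(@params)` turns a silent truncation into an exception that names the offending parameter.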