Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:3917 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 20767 invoked from network); 14 Aug 2003 08:48:24 -0000 Received: from unknown (HELO kame.thewyrd.net) (62.94.153.219) by pb1.pair.com with SMTP; 14 Aug 2003 08:48:24 -0000 Received: (qmail 1119 invoked from network); 14 Aug 2003 08:48:22 -0000 Received: from unknown (HELO lisa) (192.168.1.1) by 192.168.1.10 with SMTP; 14 Aug 2003 08:48:22 -0000 To: internals@lists.php.net Date: Thu, 14 Aug 2003 10:48:32 +0200 User-Agent: KMail/1.5.1 References: <7BE0F4A5D7AED2119B7500A0C94C58AC3D6CCC@DELLSERVER> <20030814081908.93491.qmail@pb1.pair.com> In-Reply-To: <20030814081908.93491.qmail@pb1.pair.com> MIME-Version: 1.0 Content-Disposition: inline Message-ID: <200308141047.59514.cesare@ngi.it> Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Re: PHP 4.3.3RC3 Released From: cesare@ngi.it (Cesare D'Amico) Alle 11:18, gioved=EC 14 agosto 2003, moshe doron ha scritto: > > How about a form of dos: > > > > '...where id =3D '.$id > > > > with $id =3D '23129 or 1' > > > > this will select all entries in the table which could result in > > DoS... > > > > So, ultimately this problem is the coders responsibility. > > DoS are not equivalent to droping the whole database (in the fast and > soft case...). > most of the system allowing searches, can be DoSed easily. Why not stopping support for