[SPT/CWIS] wpoison
Edward Almasy
ealmasy at scout.wisc.edu
Wed Jun 7 14:55:53 CDT 2006
On Jun 7, 2006, at 2:06 PM, Cornejo, Luis A. wrote:
> To the developers, has SPT been developed with SQL Injection
> precautions by using stored procedures and callable statements etc?
Early versions of SPT and CWIS did have a couple of
SQL-injection-related vulnerabilities, but as far as
we know all form and URL (GET) input in the current
version of the software is guarded against injection
attacks.
If you're aware of any security vulnerability in SPT
or CWIS, please let us know ASAP so that it can be
fixed.
Ed
---
Edward Almasy
ealmasy at scout.wisc.edu
Co-Director 1210 W Dayton
Street
Internet Scout Madison
WI 53706
Computer Sciences Department 608-262-6606
(voice)
University of Wisconsin - Madison
608-265-9296 (fax)
More information about the SPT-CWIS-Users
mailing list