[SPT/CWIS] wpoison

Cornejo, Luis A. lcornejo at dep.anl.gov
Wed Jun 7 15:19:02 CDT 2006


OK,

I was able to upgrade to 1.4.0, but this is what I get now:

SQL Statement: select ControlledNames.ControlledName,
ControlledNames.ControlledNameId, ControlledNames.ControlledNameTypeId
from ControlledNames, ControlledNameTypes, ResourceNameInts where
ResourceNameInts.ResourceId=690 and
ResourceNameInts.ControlledNameId=ControlledNames.ControlledNameId and
ControlledNameTypes.ControlledNameTypeId=ControlledNames.ControlledNameTypeId
and (ControlledNameTypes.ControlledNameTypeName='Audience' or
ControlledNameTypes.ControlledNameTypeName='Format');
SQL Error: Table 'ENC2.ControlledNameTypes' doesn't exist

The service runs @:
http://portal.dep.anl.gov/Test/

-Luis-

-----Original Message-----
From: spt-cwis-users-bounces at scout.wisc.edu
[mailto:spt-cwis-users-bounces at scout.wisc.edu] On Behalf Of Edward Almasy
Sent: Wednesday, June 07, 2006 2:56 PM
To: SPT / CWIS Users Discussion List
Subject: Re: [SPT/CWIS] wpoison

On Jun 7, 2006, at 2:06 PM, Cornejo, Luis A. wrote:
> To the developers, has SPT been developed with SQL Injection  
> precautions by using stored procedures and callable statements etc?

    Early versions of SPT and CWIS did have a couple of
    SQL-injection-related vulnerabilities, but as far as
    we know all form and URL (GET) input in the current
    version of the software is guarded against injection
    attacks.

    If you're aware of any security vulnerability in SPT
    or CWIS, please let us know ASAP so that it can be
    fixed.

    Ed


---
    Edward Almasy                        ealmasy at scout.wisc.edu
    Co-Director                          1210 W Dayton Street
    Internet Scout                       Madison WI 53706
    Computer Sciences Department         608-262-6606 (voice)
    University of Wisconsin - Madison    608-265-9296 (fax)



_______________________________________________
SPT-CWIS-Users mailing list
SPT-CWIS-Users at scout.wisc.edu
http://scout.wisc.edu/mailman/listinfo/spt-cwis-users



