The XML Factor

Guardado en:

Detalles Bibliográficos
Publicado en:	Network Computing vol. 15, no. 11 (Jun 10, 2004), p. 79-81
Autor principal:	MacVittie, Lori
Publicado:	Informa
Materias:	United States > US Enterprisewide computing Web services Extensible Markup Language Standards Systems management Servers Digital signatures Alliances Cybersecurity Documents Computer Oriented Programs Personality Networks
Acceso en línea:	Citation/Abstract Full Text + Graphics Full Text - PDF
Etiquetas:	Agregar Etiqueta Sin Etiquetas, Sea el primero en etiquetar este registro!

Descripción
Resumen:	SQL Injection is a common Web application attack, and XML is vulnerable to it as well. Validating your incoming XML documents against XML schema doesn't necessarily prevent this attack. That's because the type "xsdistring" does not preclude special characters and specific SQL keywords that are, after all, of the correct type. To prevent ISO character sets from being exploited, declare the ISO character set you're using for translating Unicode input into ASCII.
ISSN:	1046-4468 0743-9504 0892-2802
Fuente:	ABI/INFORM Global