• thisisfutile (2/24/2014)


    From Steve's editorial:

    look for potential hacking issues, like updating all of your lookup values to the same string, or embedding script tags in your data.

    Can anyone elaborate on either of Steve's two suggestions? I don't understand what either of these ideas means. I'm hoping that it's obvious after someone explains them but at this point I'm clueless. Any links perhaps?

    I believe that the embedded script tags are referring to the scripting equivalent of SQL Injection. It was a common hacking practice to add valid (but malicious) HTML into a comment on a forum, for example, and anyone who loaded up the page (along with all the comments) downloaded and, therefore, executed whatever HTML (and often JavaScript) was embedded in the original, malicious comment. This method does not target the servers (like SQL Injection attacks) but peer clients.

    I hope that I made it clear (and was right).

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!
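
The two checks named in the quoted editorial line, as an added example that is not part of the original posts: a lookup table whose values have all been overwritten with one string, and stored text that carries script markup, plus output encoding when that text is displayed. The table names, column names, sample rows and the regex heuristic are assumptions constructed for illustration.

```python
import html
import re
import sqlite3

# Heuristic for script-like markup in stored text (a detector, not a sanitizer).
SUSPICIOUS = re.compile(r"<\s*script\b|\bon\w+\s*=|javascript\s*:", re.IGNORECASE)

def build_sample_db():
    """Constructed sample data: one lookup table and one comments table."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE order_status (id INTEGER PRIMARY KEY, label TEXT);
        CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT);
    """)
    # Every lookup label has been overwritten with the same string.
    con.executemany("INSERT INTO order_status VALUES (?, ?)",
                    [(1, "pwned"), (2, "pwned"), (3, "pwned")])
    con.executemany("INSERT INTO comments VALUES (?, ?)",
                    [(1, "Great article, thanks."),
                     (2, "Nice <script>alert(1)</script> post"),
                     (3, "I use a < b in my queries")])
    return con

def collapsed_lookup(con, table, column):
    """True when a multi-row lookup table holds only one distinct value."""
    # Identifiers cannot be bound as parameters; these come from our own code, never from user input.
    total, distinct = con.execute(
        f'SELECT COUNT(*), COUNT(DISTINCT "{column}") FROM "{table}"').fetchone()
    return total > 1 and distinct == 1

def rows_with_markup(con, table, column):
    """Ids of rows whose stored text contains script-like markup."""
    rows = con.execute(f'SELECT id, "{column}" FROM "{table}" ORDER BY id').fetchall()
    return [rid for rid, text in rows if text and SUSPICIOUS.search(text)]

def render_comment(body):
    """Output-encode on display so stored markup is shown as text instead of executing."""
    return "<p>" + html.escape(body) + "</p>"

if __name__ == "__main__":
    con = build_sample_db()
    print("lookup collapsed:", collapsed_lookup(con, "order_status", "label"))
    print("rows with markup:", rows_with_markup(con, "comments", "body"))
    print(render_comment("Nice <script>alert(1)</script> post"))
```

The scan is an audit aid for data already in the database; the encoding in `render_comment` is what keeps a stored tag from running in a reader's browser.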