Fri, 14 Dec 2007
Beautiful attacks
In Python, if you use libraries that build the SQL and HTML for you, such as SQLObject, SQLAlchemy, and Kid, you can't generate malformed SQL or HTML, so you're not vulnerable to SQL injection, cross-site scripting, and the other attacks that stem from input validation problems.
Unless you're really smart:
This is a heavily wrapped, heavily abstracted version of SQL injection attacks.
Just a reminder that attacks against syntax aren't the only ones you need to stop; attacks against semantics can be bad, too.
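The syntax/semantics distinction, as an added example that is not part of the original post. It uses the standard-library `sqlite3` module with bound parameters as a stand-in for the ORMs mentioned above (an assumption, since the post names no code); the table, rows, column names and the `ALLOWED_FILTERS` policy are all constructed for the illustration. The first query is fixed in shape, so injection text in the parameter is just data. The second validates column names against the real schema and binds every value, so the generated SQL is always well-formed, yet the caller still decides which columns the WHERE clause tests, which is the semantic hole the post warns about. The third closes it with an endpoint-specific allowlist.

```python
import sqlite3

# Constructed sample data for the example (not from the original post).
_ROWS = [
    ("alice", "alice@example.org", 1),
    ("bob", "bob@example.org", 0),
]

# Columns that really exist in the table (hypothetical schema).
TABLE_COLUMNS = {"username", "email", "is_admin"}

# Columns this particular endpoint is meant to let callers filter on
# (hypothetical policy; the point is that it is narrower than the schema).
ALLOWED_FILTERS = {"username", "email"}


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", _ROWS)
    return conn


def find_users_by_username(conn, username):
    """Fixed query shape; the value is bound, so it can never alter the SQL."""
    cur = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in cur]


def find_users_semantically_open(conn, filters):
    """Well-formed SQL, attacker-chosen meaning.

    Column names are checked against the real schema and all values are
    bound, so no SQL-syntax injection is possible. But the caller picks
    WHICH columns are compared, so a column the endpoint never meant to
    expose (here is_admin) can still be queried.
    """
    for col in filters:
        if col not in TABLE_COLUMNS:
            raise ValueError(f"unknown column {col!r}")
    clauses = " AND ".join(f"{col} = ?" for col in filters)  # cols validated above
    cur = conn.execute(
        f"SELECT username FROM users WHERE {clauses}", tuple(filters.values())
    )
    return [row[0] for row in cur]


def find_users_hardened(conn, filters):
    """Same query builder, but the filterable columns are an explicit allowlist."""
    for col in filters:
        if col not in ALLOWED_FILTERS:
            raise ValueError(f"filtering on {col!r} is not permitted")
    return find_users_semantically_open(conn, filters)


if __name__ == "__main__":
    db = make_db()
    print(find_users_by_username(db, "x' OR '1'='1"))        # []  (just data)
    print(find_users_semantically_open(db, {"is_admin": 1}))  # ['alice']  (leak)
    try:
        find_users_hardened(db, {"is_admin": 1})
    except ValueError as exc:
        print("rejected:", exc)
```

The lesson is that "every value is a bound parameter" is a statement about syntax only; which columns, tables and predicates a request is allowed to reach is a separate decision the library cannot make for you, so it has to be written down as an allowlist at the endpoint.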