[syslog-ng] SQL escaping
Gergely Nagy
algernon at madhouse-project.org
Mon Nov 24 07:59:17 CET 2014
>>>>> "Nikolay" == Nikolay P <nikolay.p at cos.flag.org> writes:
Nikolay> Is there anything I can do from the syslog-ng side of
Nikolay> things to close this XSS vulnerability or I have to deal
Nikolay> with it in my Web application?
You can apply rewrite rules that replace "<" with "<", for example,
but that's more a workaround than a solution. It is the web app that you
will have to teach to sanitize its input, if you want to avoid such
vulnerabilities.
--
|8]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20141124/d5e8af87/attachment.pgp
More information about the syslog-ng
mailing list