Advanced Dynamic Search Queries and How to Protect Them by Eitan Blumin

Language: Hebrew
No, it’s not yet another presentation about SQL injection. We all know how to protect against SQL injection already. But that knowledge only applies when you know in advance which columns the user can query and with which operators (“equals”, “like”, “between”, etc.). What I really want to talk about is the case where you don’t know in advance which parameters to expect, you don’t know in advance which operator will be chosen for each parameter, and you actually want to give the user truly unlimited control over the search criteria. We’ll discuss different methods of achieving such advanced scenarios, the pros and cons of each, and most importantly: how to do it without fear of malicious attacks.
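The defensive pattern the abstract alludes to, as an added example that is not part of the talk or its author's material: the user chooses any column and any operator, but column and operator names are only ever looked up in fixed allow-lists, while the values travel as bound parameters. The database, table, column names and sample rows here are constructed for the example, and it assumes SQLite via Python's `sqlite3` module rather than whichever engine the talk targets; the same shape carries over to any parameterized API.

```python
import sqlite3

# Allow-list of searchable columns (constructed for this example; a real
# application would derive it from the schema it actually exposes).
ALLOWED_COLUMNS = {"name", "price", "category"}

# Allow-list of operators. The SQL fragment for each operator is fixed text;
# only the column name (already validated) is substituted into it, and the
# user-supplied values are bound through placeholders.
ALLOWED_OPERATORS = {
    "equals": ("{col} = ?", 1),
    "like": ("{col} LIKE ?", 1),
    "between": ("{col} BETWEEN ? AND ?", 2),
    "gt": ("{col} > ?", 1),
    "lt": ("{col} < ?", 1),
}


def build_where(criteria):
    """Turn [(column, operator, [values...]), ...] into (where_sql, params).

    Raises ValueError for any column or operator outside the allow-lists, so
    user-controlled strings never reach the SQL text; values are parameters.
    """
    clauses, params = [], []
    for column, operator, values in criteria:
        if column not in ALLOWED_COLUMNS:
            raise ValueError(f"column not searchable: {column!r}")
        if operator not in ALLOWED_OPERATORS:
            raise ValueError(f"operator not supported: {operator!r}")
        template, arity = ALLOWED_OPERATORS[operator]
        if len(values) != arity:
            raise ValueError(f"{operator} expects {arity} value(s)")
        clauses.append(template.format(col=column))
        params.extend(values)
    # No criteria means no filtering; "1=1" keeps the query shape uniform.
    where = " AND ".join(clauses) if clauses else "1=1"
    return where, params


def search(conn, criteria):
    """Run a dynamic search; returns rows as (id, name, price, category)."""
    where, params = build_where(criteria)
    sql = f"SELECT id, name, price, category FROM products WHERE {where} ORDER BY id"
    return conn.execute(sql, params).fetchall()


def is_rejected(criteria):
    """True if the criteria are refused before any SQL is executed."""
    try:
        build_where(criteria)
    except ValueError:
        return True
    return False


def make_demo_db():
    """In-memory SQLite database with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL, category TEXT)"
    )
    conn.executemany(
        "INSERT INTO products (name, price, category) VALUES (?, ?, ?)",
        [
            ("Widget", 9.99, "tools"),
            ("Gadget", 24.50, "tools"),
            ("Gizmo", 3.25, "toys"),
            ("Doohickey", 15.00, "toys"),
        ],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(search(db, [("category", "equals", ["tools"]), ("price", "between", [5, 20])]))
    print(is_rejected([("name; DROP TABLE products", "equals", ["x"])]))
```

The important property is that `column` is interpolated into the SQL string only after it has been matched against `ALLOWED_COLUMNS`, so an attacker who controls the column name can at most pick one of the three fixed identifiers; a value such as `' OR 1=1 --` is passed as a parameter and compared literally, never parsed as SQL.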