• Björn@swg-empire.de · 28 upvotes · 16 days ago

    An ex-colleague monitored user data for SQL keywords and logged that something nefarious was done. He threw a hissy fit when he found the alarm in his logs. From his avoidance of my questions about what the “attacker” actually tried to do I deduced that he didn’t log the actual message data that was sent.

    Never saw the code. I bet it actually was vulnerable to SQL injection.