Known uses a database library that automatically filters database queries in order to prevent SQL injection attacks. I wasn't aware of this particular post, nor am I aware of successful SQL injection attacks against Known sites. I'm investigating.
Issue description
In the Known docs under installing on common hosting providers the following how-to is linked for DreamHost:
How to Install the Known platform on a Dreamhost shared server (Oct 2017)
https://www.kiaikim.com/2017/how-to-install-the-known-platform-on-a-dreamhost-shared/
Looking at other posts on the same site, the author followed up with:
Surviving a Bobby Tables Attack (dated Mar 2021 but seems to describe 2018?)
https://www.kiaikim.com/2021/surviving-a-bobby-tables-attack/
Why is this important?
I didn't find any issues mentioning SQL Injection or Bobby Tables security or mitigation measures that have been taken. This leads to questions of whether Known has any protection measures against SQL injection and similar issues.
Who does this affect?
Possibly everyone.