Merge branch 'master' of https://github.com/jvoisin/snuffleupagus

author: Ben Fuhrmannek 2021-08-02 10:42:12 +0200
committer: Ben Fuhrmannek 2021-08-02 10:42:12 +0200
commit: 4cda0120313dfd5d71236f6faf87416e93f5f89c (patch)
tree: 0c2c6d15e8ac5287fb3304f96de719547d9e847a /doc/source/features.rst
parent: 6c132e6a1d8d339a20282afb5a4af52eb6bce9db (diff)
parent: e62f226c3ed885808c832040872fc2d73ca46dac (diff)
1 files changed, 3 insertions, 9 deletions
diff --git a/doc/source/features.rst b/doc/source/features.rst
index 2eebc88..25fd62d 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -480,15 +480,9 @@ to see that people are disabling it on production too.
 We're detecting/preventing this by not allowing the ``CURLOPT_SSL_VERIFYPEER`` and
 ``CURLOPT_SSL_VERIFYHOST`` options from being set to ``0``.
-*Cheap* SQL injections detection
+*Cheap* error-based SQL injections detection
-""""""""""""""""""""""""""""""""
+""""""""""""""""""""""""""""""""""""""""""""
-In some SQL injections, attackers might need to use comments, a feature that is
+If a function performing a SQL query returns ``FALSE``
-often not used in production system, so it might be a good idea to filter
-queries that contains some. The same filtering idea can be used against
-SQL functions that are frequently used in SQL injections, like ``sleep``, ``benchmark``
-or strings like ``version_info``.
-On the topic of SQL injections, if a function performing a query returns ``FALSE``
 (indicating an error), it might be useful to dump the request for further analysis.
author	Ben Fuhrmannek	2021-08-02 10:42:12 +0200
committer	Ben Fuhrmannek	2021-08-02 10:42:12 +0200
commit	4cda0120313dfd5d71236f6faf87416e93f5f89c (patch)
tree	0c2c6d15e8ac5287fb3304f96de719547d9e847a /doc/source/features.rst
parent	6c132e6a1d8d339a20282afb5a4af52eb6bce9db (diff)
parent	e62f226c3ed885808c832040872fc2d73ca46dac (diff)