From 73f764647baa7cdfb66eb6bf4b2feb96e190ef88 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sat, 1 May 2021 17:50:32 +0200
Subject: Improve our SQLI-related documentation and remove some useless rules

---
 doc/source/features.rst | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

(limited to 'doc')

diff --git a/doc/source/features.rst b/doc/source/features.rst
index 2eebc88..25fd62d 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -480,15 +480,9 @@ to see that people are disabling it on production too.
 We're detecting/preventing this by not allowing the ``CURLOPT_SSL_VERIFYPEER`` and
 ``CURLOPT_SSL_VERIFYHOST`` options from being set to ``0``.
 
-*Cheap* SQL injections detection
-""""""""""""""""""""""""""""""""
+*Cheap* error-based SQL injections detection
+""""""""""""""""""""""""""""""""""""""""""""
 
-In some SQL injections, attackers might need to use comments, a feature that is
-often not used in production system, so it might be a good idea to filter
-queries that contains some. The same filtering idea can be used against
-SQL functions that are frequently used in SQL injections, like ``sleep``, ``benchmark``
-or strings like ``version_info``.
-
-On the topic of SQL injections, if a function performing a query returns ``FALSE``
+If a function performing a SQL query returns ``FALSE``
 (indicating an error), it might be useful to dump the request for further analysis.
 
-- 
cgit v1.3