Posted to cvs@httpd.apache.org by gr...@apache.org on 2013/01/06 18:52:44 UTC

svn commit: r1429560 - in /httpd/httpd/trunk/docs/manual/mod: mod_authn_dbd.html.en mod_authn_dbd.xml mod_authz_dbd.html.en mod_authz_dbd.xml

Author: gryzor
Date: Sun Jan  6 17:52:43 2013
New Revision: 1429560

URL: http://svn.apache.org/viewvc?rev=1429560&view=rev
Log:
Security notes about SQL injection.

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_authn_dbd.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_authn_dbd.xml
    httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authn_dbd.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authn_dbd.html.en?rev=1429560&r1=1429559&r2=1429560&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authn_dbd.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authn_dbd.html.en Sun Jan  6 17:52:43 2013
@@ -141,11 +141,11 @@ configuration required in some web appli
 <div class="section">
 <h2><a name="security" id="security">Preventing SQL injections</a></h2>
 
-  <p>It depends on what DBD driver and backend you use.  With most
-  drivers you don't have to do anything : the statement is prepared
-  by the database at startup, and user input is used only as data.
-  But you may need to untaint your input.  At the time of writing,
-  the only driver that requires you to take care is FreeTDS.</p>
+  <p>Whether you need to care about SQL security depends on what DBD driver
+  and backend you use.  With most drivers you don't have to do anything :
+  the statement is prepared by the database at startup, and user input is
+  used only as data.  But you may need to untaint your input.  At the time
+  of writing, the only driver that requires you to take care is FreeTDS.</p>
   <p>Please read <code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code> documentation for more information
   about security on this scope.</p>
 </div>
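
Review bot: the reworded paragraph still reads as contradicting itself in its middle sentences: "With most drivers you don't have to do anything" is followed directly by "But you may need to untaint your input", with no indication of which drivers that applies to or what untainting involves. If the untaint requirement is the FreeTDS case named in the last sentence, merge the two sentences so the reader sees that; the space before the colon in "anything :" can go at the same time.
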
@@ -238,7 +238,7 @@ var comments_identifier = 'http://httpd.
     }
 })(window, document);
 //--><!]]></script></div><div id="footer">
-<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2013 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
 if (typeof(prettyPrint) !== 'undefined') {
     prettyPrint();

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authn_dbd.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authn_dbd.xml?rev=1429560&r1=1429559&r2=1429560&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authn_dbd.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authn_dbd.xml Sun Jan  6 17:52:43 2013
@@ -123,11 +123,11 @@ configuration required in some web appli
 
 <section id="security">
 <title>Preventing SQL injections</title>
-  <p>It depends on what DBD driver and backend you use.  With most
-  drivers you don't have to do anything : the statement is prepared
-  by the database at startup, and user input is used only as data.
-  But you may need to untaint your input.  At the time of writing,
-  the only driver that requires you to take care is FreeTDS.</p>
+  <p>Whether you need to care about SQL security depends on what DBD driver
+  and backend you use.  With most drivers you don't have to do anything :
+  the statement is prepared by the database at startup, and user input is
+  used only as data.  But you may need to untaint your input.  At the time
+  of writing, the only driver that requires you to take care is FreeTDS.</p>
   <p>Please read <module>mod_dbd</module> documentation for more information
   about security on this scope.</p>
 </section>
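
Review bot: "At the time of writing" in the last added sentence carries no date or httpd version, so a reader of the rendered manual cannot tell whether the FreeTDS statement still holds. Suggest naming the version the statement was checked against, or leaving the driver-specific claim to the mod_dbd documentation that the closing paragraph already points to.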

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.html.en?rev=1429560&r1=1429559&r2=1429560&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.html.en Sun Jan  6 17:52:43 2013
@@ -58,6 +58,7 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#login">Database Login</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#client">Client Login</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#example">Configuration example</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#security">Preventing SQL injections</a></li>
 </ul><h3>See also</h3>
 <ul class="seealso">
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
@@ -151,6 +152,17 @@ DBDExptime 300
 &lt;/Directory&gt;
 </pre>
 
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="security" id="security">Preventing SQL injections</a></h2>
+
+  <p>Whether you need to care about SQL security depends on what DBD driver
+  and backend you use.  With most drivers you don't have to do anything :
+  the statement is prepared by the database at startup, and user input is
+  used only as data.  But you may need to untaint your input.  At the time
+  of writing, the only driver that requires you to take care is FreeTDS.</p>
+  <p>Please read <code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code> documentation for more information
+  about security on this scope.</p>
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthzDBDLoginToReferer" id="AuthzDBDLoginToReferer">AuthzDBDLoginToReferer</a> <a name="authzdbdlogintoreferer" id="authzdbdlogintoreferer">Directive</a></h2>
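
Review bot: the new "Preventing SQL injections" section is word for word the paragraph from mod_authn_dbd.html.en, so it never says which request-derived value this module places into its queries. One sentence naming that value would tell the reader what "user input" means for an authorization query, which the copied text leaves open.
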
@@ -263,7 +275,7 @@ var comments_identifier = 'http://httpd.
     }
 })(window, document);
 //--><!]]></script></div><div id="footer">
-<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2013 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
 if (typeof(prettyPrint) !== 'undefined') {
     prettyPrint();

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.xml?rev=1429560&r1=1429559&r2=1429560&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.xml Sun Jan  6 17:52:43 2013
@@ -135,6 +135,17 @@ DBDExptime 300
 </highlight>
 </section>
 
+<section id="security">
+<title>Preventing SQL injections</title>
+  <p>Whether you need to care about SQL security depends on what DBD driver
+  and backend you use.  With most drivers you don't have to do anything :
+  the statement is prepared by the database at startup, and user input is
+  used only as data.  But you may need to untaint your input.  At the time
+  of writing, the only driver that requires you to take care is FreeTDS.</p>
+  <p>Please read <module>mod_dbd</module> documentation for more information
+  about security on this scope.</p>
+</section>
+
 <directivesynopsis>
 <name>AuthzDBDQuery</name>
 <description>Specify the SQL Query for the required operation</description>
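
Review bot: with the added section id="security" the same paragraph now lives in both mod_authn_dbd.xml and mod_authz_dbd.xml, so the FreeTDS statement has to be kept in sync in two sources. Suggest keeping only the closing pointer to mod_dbd here and holding the driver details in one place; "security on this scope" in that pointer would also read better as "security in this area".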