[VIM] [Change Request] 21910: WebDB Search Module search Variable SQL Injection (fwd)
security curmudgeon
jericho at attrition.org
Tue Mar 7 16:12:02 EST 2006
I'm trying to figure this out as well =)
---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: Lois Software
Cc: moderators at osvdb.org
Date: Tue, 7 Mar 2006 16:05:05 -0500 (EST)
Subject: RE: [OSVDB Mods] [Change Request] 21910: WebDB Search Module search
Variable SQL Injection
: : Does this entail your clients installing an upgrade, or applying a
: : patch?
:
: No .. All clients use a common code library and have their own front end
: and databases and connections. So as soon as a change / upgrade /
: enhancement is made to the code, all users of the software begin to use
: the latest changes immediately.
Does this code reside on your servers then? Do your customers use your
servers for everything, ie: you provide a managed service for them? Or do
they just pull the shared code from your server, but use it from their own
sites/servers?
I'm trying to figure out how to word a solution here, and it doesn't sound
like calling it an upgrade or patch is appropriate.
Thanks for helping to clear this up!
Brian
OSVDB.org
More information about the VIM
mailing list