SQLninja denial
Jason L Tibbitts III
tibbs at math.uh.edu
Mon Nov 15 16:00:05 UTC 2010
>>>>> "MM" == Mike McGrath <mmcgrath at redhat.com> writes:
MM> [...] Looking at the sqlninja demo, you have to be clear about one
MM> thing, sqlninja is not a scanner / detection tool. It's a takeover
MM> tool.
Just a hypothetical: What if we patched out the takeover functionality?
Obviously I've no idea if that's reasonable or possible, but there's
probably a very strong argument that it's responsible. I think that
deviating from our principle of keeping with upstream would be less
extreme than banning the software entirely.
- J<
More information about the advisory-board
mailing list