Archive for Security

SQL Column Truncation Vulnerabilities

Wrote on September 20th, 2008 under MySQL, Security

One of the biggest concerns for Web Developers while developing something with SQL, is to avoid SQL-Injection problems, because those are the most common security flaws.

But there are also another flaws that you should be aware about, for example, column truncation vulnerabilities.

This security flaw it’s related with the lack of input length validations and it seems that it is affecting a lot of known applications.

Stefan Esser wrote a great tutorial about this subject it’s a must read.

Joomla! 1.5.6 Released

Wrote on August 14th, 2008 under Content Management Systems, Frameworks, PHP, Releases, Security

Till a couple of days now I was using Joomla! 1.5.5 but yesterday a new release came out.

This new release is a security release made to solve a high level security issue, then it’s recommended to upgrade immediately.

Some websites are already being owned because of this security flaw, do not risk to get owned too and update your website software as soon as possible.

If you need help read the migration/upgrade instructions in here.