An ex-colleague monitored user data for SQL keywords and logged that something nefarious was done. He threw a hissy fit when he found the alarm in his logs. From his avoidance of my questions about what the “attacker” actually tried to do I deduced that he didn’t log the actual message data that was sent.
Never saw the code. I bet it actually was vulnerable to SQL injection.
An ex-colleague monitored user data for SQL keywords and logged that something nefarious was done. He threw a hissy fit when he found the alarm in his logs. From his avoidance of my questions about what the “attacker” actually tried to do I deduced that he didn’t log the actual message data that was sent.
Never saw the code. I bet it actually was vulnerable to SQL injection.