on 2020 Apr 23 10:21 AM
Hi All,
In my program, the user has the ability to enter a password for himself. And one of the users had problems during this procedure. It turned out that he was entering the password "k\xE08"
GRANT CONNECT TO "user1" IDENTIFIED BY 'k\xE08'
and when this password was stored in the database, it turned into the string "ka8". The reason for this is understandable to me in principle - SAW considers "\xE0" the code of the letter "a".
Question: Is there any way around this transformation?
The password is a SQL string and hence the \xE0 portion is interpreted as an escape sequence. Likely your database charset is windows-1252 in which case character E0 is a-grave.
The question is, what did you want to have happen? If you wanted the password to be literally the six-character sequence k\xE08 then you haven't properly sanitized your inputs and your application is vulnerable to SQL-injection attacks.
To fix it, sanitize your inputs by disallowing problematic characters, properly escaping problematic characters or using a host variable.
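The escaping option from the answer above, as an added example that is not part of the original thread: it models how the literal is interpreted and shows an escaper that makes the six-character password round-trip. The function names, the user ID allowlist and the modelled escape rules ('' for a quote, \\ for a backslash, \n, \xHH) are assumptions of this example, with windows-1252 taken from the answer's guess.

```python
import re

# Assumed literal rules (not taken from the thread): '' is a quote, \\ is a
# backslash, \n is a newline, \xHH is the byte HH in the database charset.
# Any other backslash is kept as an ordinary character.
_TOKEN = re.compile(r"''|\\\\|\\n|\\x([0-9A-Fa-f]{2})")
_USER = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,29}")  # constructed allowlist


def interpret_literal(body, charset="cp1252"):
    """Model what the server stores for the text between the single quotes."""
    def decode(match):
        token = match.group(0)
        if token == "''":
            return "'"
        if token == "\\\\":
            return "\\"
        if token == "\\n":
            return "\n"
        return bytes([int(match.group(1), 16)]).decode(charset, errors="replace")
    return _TOKEN.sub(decode, body)


def quote_literal(value):
    """Escape a value so the server stores it unchanged, then add the quotes."""
    # Backslashes first, so the quotes doubled afterwards are not re-escaped.
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def grant_statement(user, password):
    """Build the GRANT from the thread with a checked user ID and escaped password."""
    if not _USER.fullmatch(user):
        raise ValueError("user ID contains characters outside the allowlist")
    return 'GRANT CONNECT TO "%s" IDENTIFIED BY %s' % (user, quote_literal(password))


if __name__ == "__main__":
    typed = "k\\xE08"  # the six characters the user entered
    print(repr(interpret_literal(typed)))    # pasted raw into the literal
    print(grant_statement("user1", typed))   # escaped form
    print(interpret_literal(quote_literal(typed)[1:-1]) == typed)
```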