Re: RFC 9205 vs. CL0P

Even if authenticated, accepting SQL requests fails to embrace a key architectural precept, i.e. information hiding behind a uniform interface. I dealt with an online vendor the other day, who was using NetSuite and I knew it because the URI pattern included *.cfm i.e. Cold Fusion Markup Language (lol, who else uses that now). You have to work really hard to code CFML to not abstract SQL into named, stored procedures.

This key architectural precept is not reflected in RFC 9205 and I'm not sure how to change that.

The next aspect of the ransomware attack was installing a "web shell." 9205 4.7 kinda gets close... maybe it's out-of-scope, but recommend a white list of headers, to sanitize requests? I'm sure the pirates have a best-practice document for how to sneak SQL requests and "X-*" headers *iff* the target is vulnerable to such attacks. Shouldn't our BP document explain this? No criticism implied, 9205's WIP, these are just my thoughts on the matter in light of current reality.


Received on Friday, 7 July 2023 09:28:21 UTC