Re: SPARQL Protocol for RDF / feedback (fwd)

On Wed, 26 Jan 2005, Seaborne, Andy wrote:

> Thanks for the comments - I found them helpful and a bit scary where it talks
> about the issues around long URLs and security tools.

These products are not exactly refined - i.e. they just look for things
like:

->	Very long URIs aimed at buffer overruns.
->	Too many spaces or 0x90 in the URI (buffer overruns too)
->	Things which look like SQL or Access/VBScript (bad code which does
	not escape properly so that SQL constructed on the fly makes it
	to the DB or to the stored procedure/scripting realm)
->	UTF8 or Unicode escape sequences in the ? part (mostly
	for cross site scripting and phishing).

and block these. Having said that -even- things like Apache cut things off
at 8k for any line or field - and it is common to reduce this.

Dw

193.252.28.6 - - [10/Jan/2005:06:26:04 +0100] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 403 - "-" "-"
80.110.204.152 - - [10/Jan/2005:19:40:17 +0100] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x
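The blocking heuristics listed in the mail (very long URIs, runs of 0x90 or spaces, SQL-looking query strings, UTF-8/Unicode escape sequences, plus the double-encoded traversal visible in the first log excerpt), written out as a small scanner over Apache combined-format log lines. This is an added example and not code from the mail or from the SPARQL protocol work; the 1024-byte length threshold is an assumption for illustration (the mail only says Apache stops at 8k and sites often lower it), and the sample log lines are constructed except for the first, which is the probe quoted above. The SPARQL request in the samples is included on purpose: a protocol that ships `SELECT ... FROM ... WHERE` in a GET query string trips the naive SQL rule, which is exactly the concern raised in the thread.

```python
import re
import urllib.parse
from typing import Dict, List, Optional

# Assumed threshold, not from the mail: Apache's default per-line limit is 8k
# and sites commonly lower it; 1024 is used here so the sample below trips it.
MAX_URI_LEN = 1024

# Apache combined log format: client ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# The heuristics from the mail, as regular expressions.
NOP_RUN_RE = re.compile(r'\x90{16,}| {32,}')                  # runs of 0x90 (x86 NOP) or spaces
DOUBLE_ENC_RE = re.compile(r'%25[0-9a-f]{2}', re.I)            # "%25xx": the percent sign encoded again
UNICODE_ESC_RE = re.compile(r'%(?:c0|c1)%[0-9a-f]{2}|%u[0-9a-f]{4}', re.I)  # overlong UTF-8 or %uXXXX
SQL_LIKE_RE = re.compile(
    r"union\s+select|select\b.+\bfrom\b|insert\s+into|drop\s+table|'\s*or\s+\S+\s*=|vbscript:", re.I
)
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')

# Constructed sample log lines. The first is the probe quoted in the mail above;
# the rest are made up for this example (10.0.0.x clients, invented timestamps).
SAMPLE_LOG = [
    '193.252.28.6 - - [10/Jan/2005:06:26:04 +0100] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 403 - "-" "-"',
    '10.0.0.7 - - [10/Jan/2005:19:40:17 +0100] "SEARCH /' + '\\x90' * 1100 + ' HTTP/1.1" 411 - "-" "-"',
    '10.0.0.8 - - [11/Jan/2005:08:00:00 +0100] "GET /sparql?query=SELECT+%3Fs+FROM+%3Chttp%3A%2F%2Fexample.org%2Fg%3E+WHERE+%7B+%3Fs+%3Fp+%3Fo+%7D HTTP/1.1" 200 512 "-" "curl"',
    '10.0.0.8 - - [11/Jan/2005:08:01:00 +0100] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"',
    '10.0.0.9 - - [11/Jan/2005:08:02:00 +0100] "GET /search?q=%u0041%u0042 HTTP/1.1" 200 310 "-" "-"',
]


def unescape_apache(s: str) -> str:
    """Turn Apache's \\xHH log escapes back into raw bytes (kept as latin-1 characters)."""
    return re.sub(r'\\x([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), s)


def check_uri(uri: str, max_len: int = MAX_URI_LEN) -> List[str]:
    """Return the names of the heuristics a request-URI trips; an empty list means clean."""
    hits: List[str] = []
    raw = unescape_apache(uri)
    if len(raw) > max_len:
        hits.append("long-uri")
    if NOP_RUN_RE.search(raw):
        hits.append("nop-or-space-run")
    if DOUBLE_ENC_RE.search(uri):
        hits.append("double-encoding")
    # The mail mentions the "? part"; the whole URI is checked here since overlong
    # encodings in the path are just as much a problem.
    if UNICODE_ESC_RE.search(uri):
        hits.append("utf8-or-unicode-escape")
    path, _, query = uri.partition('?')
    if SQL_LIKE_RE.search(urllib.parse.unquote_plus(query)):
        hits.append("sql-or-script-like")
    # Decode twice so that a double-encoded "..%255c" is seen as "..\"
    if TRAVERSAL_RE.search(urllib.parse.unquote(urllib.parse.unquote(path))):
        hits.append("traversal")
    return hits


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into client, method, URI and status; None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, _, rest = m.group('request').partition(' ')
    # Strip the protocol version, which the 403 line in the mail does not even carry
    uri = rest.rsplit(' HTTP/', 1)[0] if ' HTTP/' in rest else rest
    return {'client': m.group('client'), 'method': method, 'uri': uri, 'status': m.group('status')}


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Run every heuristic over each parseable log line and record which ones fired."""
    report: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        report.append({**rec, 'hits': check_uri(rec['uri'])})
    return report


if __name__ == '__main__':
    for entry in scan(SAMPLE_LOG):
        print(entry['client'], entry['method'], entry['uri'][:40], entry['hits'])
```

Running it flags the double-encoded probe twice (double encoding and traversal), the 0x90-filled SEARCH request twice (length and NOP run), and the plain `/index.html` not at all; the SPARQL query is flagged as "sql-or-script-like" purely on keywords, which is the false-positive risk a SPARQL-over-GET endpoint has to plan for (POST bodies or a whitelist for the endpoint path are the usual ways around it).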

Received on Wednesday, 26 January 2005 15:42:50 UTC