Talk:Testing for SQL Wildcard Attacks (OWASP-DS-001)

v3 Reviewer Notes
I don't think we should list "%" as an "extra" wildcard, as it is the standard SQL (Oracle, MS, My, etc.) wildcard. Rick.mitchell 10:17, 13 August 2008 (EDT)

This section could be expanded to talk about algorithmic complexity attacks, of which the SQL wildcard attack seems to be a subclass:
 * http://www.cs.rice.edu/~scrosby/hash/ (hash functions)
 * http://www.usenix.org/event/woot08/tech/full_papers/drewry/drewry_html/ (regular expression)

Marco 02:34, 22 August 2008 (EDT)