February 10, 2009 - SQL Injection

All Users

WMS has been modified to prevent SQL Injection attacks.  SQL Injection is a technique used by hackers to take advantage of non-valid input vulnerabilities to pass malicious commands through a Web application for execution by a backend database. Attackers take advantage of the fact that SQL commands are sometimes chained together with user-provided parameters.  By manipulating those parameters, hackers quietly gain access to data.