May 19, 2009 at 9:50 am
My company has a need to import an RSS feed directly into our production database on a regular basis. Our databases were once compromised with malicious embedded JavaScript code in the table (not related to the RSS feed), which would be activated when a user browsed our website and cause a virus download to the user's computer.
I don't want to see the same thing happen again. And I'm not sure how safe it is to import an RSS feed directly from a partner company into our database.
Anybody familiar with RSS feeds? Thanks.
May 19, 2009 at 10:09 am
I actually just found an article that verifies my concern over RSS feeds.
http://www.cgisecurity.com/papers/HackingFeeds.pdf
Any suggestions on the best ways to safeguard against the hacking?
May 21, 2009 at 3:15 pm
When you read the feed, specifically make the data a parameter. Use stored procedures and don't ever take the chance that the data from your feed could ever get executed.
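Added example, not part of the original thread: a minimal feed import that follows the advice above by binding every feed value as a query parameter, and additionally HTML-encodes stored values at display time, since parameters stop SQL injection but do not stop stored script from running in a browser. Assumptions: SQLite stands in for the production database (it has no stored procedures, so only the parameter binding is shown), and the `feed_items` table, the function names and the sample feed are constructed for illustration.

```python
import html
import sqlite3
import xml.etree.ElementTree as ET  # stdlib parser keeps the example self-contained

# Constructed sample feed: item 1 carries SQL and script text, item 2 a javascript: link.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Partner feed</title>
<item><title>x'); DROP TABLE feed_items;--</title>
<link>http://partner.example/a</link>
<description>&lt;script&gt;alert(1)&lt;/script&gt;Hello</description></item>
<item><title>Quarterly results</title>
<link>javascript:alert(1)</link>
<description>Plain text summary</description></item>
</channel></rss>"""

def parse_items(feed_xml):
    """Return (title, link, description) tuples with bounded lengths."""
    rows = []
    for item in ET.fromstring(feed_xml).iter("item"):
        title = (item.findtext("title") or "").strip()
        link = (item.findtext("link") or "").strip()
        desc = (item.findtext("description") or "").strip()
        if not link.lower().startswith(("http://", "https://")):
            link = ""  # keep only http(s) links; anything else is dropped
        rows.append((title[:200], link[:500], desc[:2000]))
    return rows

def import_feed(conn, feed_xml):
    """Insert every item using bound parameters; returns the row count."""
    conn.execute("CREATE TABLE IF NOT EXISTS feed_items "
                 "(title TEXT, link TEXT, description TEXT)")
    rows = parse_items(feed_xml)
    # The ? placeholders bind feed values as data; no feed text is ever
    # concatenated into the SQL statement itself.
    conn.executemany("INSERT INTO feed_items (title, link, description) "
                     "VALUES (?, ?, ?)", rows)
    conn.commit()
    return len(rows)

def render_item(row):
    """HTML-encode stored values when they are written into a page."""
    title, link, desc = (html.escape(v, quote=True) for v in row)
    return f'<li><a href="{link}">{title}</a> {desc}</li>'

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(import_feed(db, SAMPLE_FEED), "items imported")
    for r in db.execute("SELECT title, link, description FROM feed_items"):
        print(render_item(r))
```

For feeds from outside your control, a hardened XML parser such as `defusedxml` is the usual replacement for the standard-library parser used here.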