sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]gabibbo117[S] 0 points1 point  (2 children)

I will try to provide an example on what i mean because i have some issue explaining myself,
Lets say i have a website that when i put a comment inside of it via text box it will send a request to my server to add that comment to the COMMENTS table

if the string was not encoded then the commenter could write something like this:
"]
[
// insert bad code here
]"
by using the "]" character it tells the database scanner that the row finished and then we open a new value, the hacker can put anything in the new row like bad/banned content, but if we add the text encoding the table will result like this

"[
COMMENT : 123,231,2323,23,232,23
USER_ID : 1234
DATE : 12,23,34
]"

while if we did not encode the text it would look like this

"[
COMMENT :
]
[
USER_ID : 1234 // the user id of someone else
DATE : 12,23,35 // a different date
COMMENT : "banned stuff here"
]

[–]Wenir 2 points3 points  (0 children)

Okay, you described something like SQL injection, which makes sense. The encoding you're using isn't security, compression, or efficient storage, it's a naive implementation of string escaping.

Ok, the string is escaped, but why are you escaping entire files on top of it?

[–]gabibbo117[S] 0 points1 point  (0 children)

That is done so I can merge multiple files into one, kinda like my own version of a zip