
DB


Why is SQL Injection Still an Issue?

According to this report from HP, more than half of the Web apps they tested contained SQL Injection and Cross-Site Scripting flaws. Neither of these exploits is new. What is news is how both of these old chestnuts still keep attackers plenty busy. The report (which our colleague Dan Rowinski has written about here) has lots of other good information in it, but what caught my eye is this timeline (click to enlarge) showing how long SQL Injection has been with us: almost as long as the Web has been around. It still tops the OWASP list of Web app exploits here. SQL Injection was first mentioned by Rain.Forest.Puppy in Phrack magazine back in 1998, when s/he cautioned readers "don't assume [any] user's input is ok for SQL queries." Have we learned anything in the 13-some years since then?

Blog rolling with mongoDB, express and Node.js
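The warning quoted in the SQL injection post above ("don't assume user's input is ok for SQL queries") is easiest to appreciate by watching it fail. The following is an added example, not code from that post, from HP's report, or from any project on this page. It uses Python's standard-library sqlite3 module with a constructed in-memory users table (the usernames and passwords are made up, and storing passwords in plaintext is only to keep the demonstration short). The same login query is written twice: once by string concatenation, where a quote in the input rewrites the SQL, and once with driver-bound parameters, where the same input is just a value.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory SQLite database standing in for
    a web application's user table (illustrative values only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def vulnerable_login(conn, username, password):
    """Query built by string concatenation: the caller's input becomes part of
    the SQL text, so quotes and comment markers change the query's structure.
    Returns the usernames the query matched."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def safe_login(conn, username, password):
    """Parameterised query: the statement text is fixed and the values are
    bound separately by the driver, so input can never alter the SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    conn = make_db()
    # Legitimate credentials behave the same either way.
    print(vulnerable_login(conn, "alice", "s3cret"))  # ['alice']
    print(safe_login(conn, "alice", "s3cret"))        # ['alice']

    # Classic tautology payload in the password field: the concatenated query
    # becomes ... AND password = '' OR '1'='1', which matches every row.
    print(vulnerable_login(conn, "x", "' OR '1'='1"))  # ['alice', 'bob']
    print(safe_login(conn, "x", "' OR '1'='1"))        # []

    # Comment payload in the username field: '--' discards the password check.
    print(vulnerable_login(conn, "alice' --", "wrong"))  # ['alice']
    print(safe_login(conn, "alice' --", "wrong"))        # []
```

The fix is not escaping quotes by hand but keeping data out of the statement text altogether, which is what placeholders give you in every mainstream driver; the same principle carries over to the NoSQL stores discussed further down this page, where untrusted input must likewise never be spliced into query objects or operators.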

Static Version. Article and Code updated by loarabia (Larry Olson). Article and Code updated by Toby Clemson.

In this article I hope to take you through the steps required to get a fully-functional (albeit feature-light) persistent blogging system running on top of node. The technology stack that we'll be using will be node + express + mongoDB, all of which are exciting, fast and highly scalable. You'll also get to use jade and stylus for driving the templated views and styling! This article will be fairly in-depth, so you may want to get yourself a rather large mug of whatever beverage you prefer before you settle down :)

Getting Started / Pre-Requisites

mongoDB: Installation is as simple as downloading the installer from here.

Node.js: I'll assume that you already have an installed version of node.js (why else would you be looking at a how-to?!)

Npm: npm search

Getting hold of express: Installing express on your system is as easy as:

    # You may need to run this under sudo
    npm install express -g

NoSQL Databases: What, Why and When - Lorenzo Alberton. MongoDB. Redis. Apache CouchDB: The Apache CouchDB Project.