View Single Post
Old 21st June 2011
CyberJet's Avatar
CyberJet CyberJet is offline
Real Name: Ramon
BSD Student
 
Join Date: Feb 2009
Location: Miami FL
Posts: 98
Default

Quote:
Originally Posted by jggimi View Post
For example, application-layer security issues (such as SQL injection attacks) are not addressed by an OpenBSD firewall, if the attacker's packets are passed by PF.
Thanks for your great insight. I'm just trying to learn, it's very clear to me that you guys know what you are talking about.

So I take it that PF can not inspect the packet and block escape characters contained with the SQL request? So therefore the SQL server has to be totally updated. Would that suffice?

Regards,
Reply With Quote