2008/3/31, Brian Loe :
> On Fri, Mar 28, 2008 at 12:57 PM, Josh wrote:

> I'm not an expert, on this list especially, but it seems to me that
> the firewall is the wrong place to look in regards to stopping SQL
> Injection attacks. The better place would be the coding that allows
> for such attacks.

Well, this is true for all security aspects. Firewall is not the
proper solution,
it is sort of a solution when the proper solution is unavailable. When
your company
have already bought that huge pile of crap which runs on five of your
web servers
and ten of your database server nodes, for which you do not have the
source code,
and no one has the expertise to modify it anyway, even at the vendor.
firewall-wizards mailing list