Posted Nov 10, 2010 16:53 UTC (Wed) by pcampe (guest, #28223)
Parent article: Fedora rejects SQLninja
I have no opinion on SQLninja, but according to this new rule, Tor must be removed as it helps circumvent censorship systems in major markets... ehm, countries like China.
Posted Nov 10, 2010 16:57 UTC (Wed) by nteon (subscriber, #53899)
The language is "has discretion to deny inclusion of the package for that reason alone", not "must deny inclusion".
Posted Nov 10, 2010 17:04 UTC (Wed) by dmarti (subscriber, #11625)
It would be reassuring to see a human rights exception here. Don't know how it would be worded, though.
Posted Nov 10, 2010 22:57 UTC (Wed) by steelhoof (guest, #71163)
The concept behind Tor is hugely about sidestepping restrictions and maintaining anonymous connections. Why else would one want Tor if not to conceal identity and/or restrictions?
Posted Nov 10, 2010 23:10 UTC (Wed) by steelhoof (guest, #71163)
On that previous comment, what other reason would one want the capabilities of SQLninja if not to practice the craft of stealthily injecting and cracking? This qualifies as a kiddie tool for the unskilled to wreak havoc.
Best for the tool to not be in the repository.
Posted Nov 11, 2010 9:06 UTC (Thu) by pcampe (guest, #28223)
I don't care about SQLninja, really. I care about the policy.
Posted Nov 11, 2010 17:17 UTC (Thu) by Cato (subscriber, #7643)
There's a valid use of this and other penetration testing tools where you own the web app installation, or have been contracted by the owner to test security.
However, I can understand why Fedora doesn't want to distribute such tools - many people would use them for illegal purposes, and such tools are more clearly aimed at site hacking/cracking than more generic tools such as Perl (very popular as an exploit tool thanks to libwww-perl, but mostly used for non-exploit purposes.)
Posted Nov 12, 2010 2:38 UTC (Fri) by gerdesj (subscriber, #5446)
Get a grip.
This is a penetration tool. Either you use it for "good" or "bad". In the end it is still a tool.
It is a piece of software, not something that can hurt you physically - it enables an admin to test their system from the outside for flaws. Yes - it also allows someone else to do the same.
Is that bad?
If I really wanted to test the physical properties of my body, I might start with a really long run, OK a really short run. Err, maybe I'll just wheeze a bit. But I reserve the right to test those limits in any way I choose.
I refuse to allow noddys like you to lose perspective - SQLninja is just a program which is designed to show design flaws in another program.
Use whatever pejorative language you like, but it's just a piece of auditing software in the end.