LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora rejects SQLninja

Fedora rejects SQLninja

Posted Nov 10, 2010 23:10 UTC (Wed) by steelhoof (guest, #71163)
In reply to: Fedora rejects SQLninja by steelhoof
Parent article: Fedora rejects SQLninja

On that previous comment, what other reason would one want the capabilities of SQLninja if not to practice the craft of stealthily injecting and cracking? This qualifies as a kiddie tool for the unskilled to wreak havoc.

Best for the tool to not be in the repository.

(Log in to post comments)

Fedora rejects SQLninja

Posted Nov 11, 2010 9:06 UTC (Thu) by pcampe (guest, #28223) [Link]

I don't care about SQLninja, really. I care about the policy.

Fedora rejects SQLninja

Posted Nov 11, 2010 17:17 UTC (Thu) by Cato (subscriber, #7643) [Link]

There's a valid use of this and other penetration testing tools where you own the web app installation, or have been contracted by the owner to test security.

However, I can understand why Fedora doesn't want to distribute such tools - many people would use them for illegal purposes, and such tools are more clearly aimed at site hacking/cracking than more generic tools such as Perl (very popular as an exploit tool thanks to libwww-perl, but mostly used for non-exploit purposes.)

Fedora rejects SQLninja

Posted Nov 12, 2010 2:38 UTC (Fri) by gerdesj (subscriber, #5446) [Link]

Get a grip.

This is a penetration tool. Either you use it for "good" or "bad". In the end it is still a tool.

It is a piece of software, not something that can hurt you physically - it enables an admin to test their system from the outside for flaws. Yes - it also allows someone else to do the same.

Is that bad?

If I really wanted to test the physical properties of my body, I might start with a really long run, OK a really short run. Err, maybe I'll just wheeze a bit. But I reserve the right to test those limits in any way I choose.

I refuse to allow noddys like you to lose perspective - SQLninja is just a program which is designed to show design flaws in another program.

Use whatever pejorative language you like but its just a piece of auditing software in the end.

Cheers
Jon

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds