|
|
Posted by Karl A. Krueger on 08/22/05 06:22
In comp.databases emily_g107@hotmail.com wrote:
> I need to limit results in the following query type:
>
> http://www.somewhere.com/php/sql-a.php3?server=1&db=mydatabase&table=mytable&sql_query=SELECT+Field_1%2CField_2%2CField_3%2Cidno+from+mytable+where+1+and+field_1+like+%22string%22+&sql_order=&pos=1
What you seem to be doing here is very dangerous. Suppose someone saw
that URL and rewrote it as follows:
http://www.somewhere.com/php/sql-a.php3?server=1&db=mydatabase&table=mytable&sql_query=DELETE+FROM+mytable
Or even:
http://www.somewhere.com/php/sql-a.php3?server=1&db=mydatabase&table=mytable&sql_query=DROP+mytable
This is called an "SQL injection" vulnerability -- where your
application allows the user to enter arbitrary SQL statements. These
can yield all sorts of undesired results:
* public accessibility of private information
* destruction of information (as above)
* crashing of your database server (by writing a query that
takes massive computational resources to compute)
* corruption of information, possibly with substantial financial
consequences
As an example of the last, imagine that your database is serving an
online store application, and includes the price list. If the user can
enter an arbitrary query (and the store application has the access
privileges to do so -- another error, perhaps) then the user could alter
prices and then place orders for really cheap goods. :)
--
Karl A. Krueger <kkrueger@example.edu> { s/example/whoi/ }
Navigation:
[Reply to this message]
|