security/sql issues with php

Posted by "bruce" on 09/21/05 17:06

hi..

i've been searching/researching the areas of security regarding url input,
form input, as well as database input (mysql). while there are plenty of
articles that touch on the topic, i'm looking for a given site/package/lib
(open source) that is pretty much the standard that i could use for my
website/app...

basically, i don't want to recreate the wheel, if there is already a
serious/good solution to this area. given the importance of this area, i'm
assuming that there is a lib/package that already exists to handle these
issues.

i've looked through google, as well as various open source web apps to see
how some of this is handled, and it appears the level of sophistication for
handling this is all over the place!!

i want to stress, i'm looking for the package/lib that's strong enough/valid
enough to be used in a serious commercial app.. a lot of what i've
seen/suggestions on various sites aren't complete/strong..

(this stuff has got to be around/available, i mean google/ebay/1000's of
sites are up/running without having issues!!!)



URL Issues/Thoughts...
-Should Handle basic regex filtering of POST/GET/REQUEST Querystring data
-Filtering of basic mysql commands/functions/characters
(Insert/Drop/etc...)

Query Array Thoughts/Issues
-Should filter the arrays (GET/POST/REQUEST)
-Filtering of basic mysql commands/functions/characters
(Insert/Drop/etc...)
-Check for datatype
-Set Datatype
-Log all errors/issues

Mysql DB Issues
-Parsing/inspection of all data prior to insertion in sql_query_string
-Use of 'datatype' arg in the query to ensure that the correct datatype val
is used in the sql_string
-Regex comparison of the vals prior to use in the sql_string
-Proper usage of slashes/quotations around variables/sql_strings
-Logging of all db interactions

any other things that should be handled

(yeah.. i know, i haven't even gotten into the issue of having separate
db/app servers, and security of the overall hardware/app environment...)

-thanks

-bruce
bedouglas@earthlink.net
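The checklist above (type-check the request arrays, keep data out of the SQL string, log failures) maps onto what PHP's own database layer already provides: validate each parameter against a declared type, then pass it to a prepared statement so the database receives data and SQL separately. Keyword blacklists ("Insert/Drop") are not needed once that separation holds, and they are unreliable on their own. The following is an added example, not code from the original post; the DSN, credentials, the `users` table and its columns are assumptions chosen for illustration.

```php
<?php
// Added example (not from the post): typed input validation plus PDO prepared
// statements covering the URL/array/DB items in the checklist.
// Assumed schema: users(id INT, username VARCHAR, email VARCHAR).
declare(strict_types=1);

/**
 * Validate one value from a request array against a declared type.
 * Returns the typed value, or null on failure after logging the problem.
 */
function validate_param(array $source, string $key, string $type, array $opts = [])
{
    if (!array_key_exists($key, $source)) {
        error_log("missing parameter: $key");
        return null;
    }
    $raw = $source[$key];
    if (!is_string($raw)) {                 // e.g. ?id[]=1 where a scalar was expected
        error_log("non-scalar parameter: $key");
        return null;
    }
    switch ($type) {
        case 'int':
            $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => $opts]);
            break;
        case 'email':
            $v = filter_var($raw, FILTER_VALIDATE_EMAIL);
            break;
        case 'slug':                        // whitelist, not a blacklist of SQL words
            $v = preg_match('/^[A-Za-z0-9_-]{1,64}$/', $raw) ? $raw : false;
            break;
        default:
            throw new InvalidArgumentException("unknown type: $type");
    }
    if ($v === false) {
        // Log a bounded prefix of the rejected value; never echo it back raw.
        error_log("parameter $key failed $type check: " . substr($raw, 0, 100));
        return null;
    }
    return $v;
}

// Assumed connection details. Emulated prepares are disabled so the server
// itself separates the statement from its parameters.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

$id       = validate_param($_GET, 'id', 'int', ['min_range' => 1]);
$username = validate_param($_GET, 'user', 'slug');

if ($id === null && $username === null) {
    http_response_code(400);
    exit('bad request');
}

// Request data never becomes part of the SQL text; it is bound with an explicit
// type, which replaces hand-placed quotes and slashes around variables.
if ($id !== null) {
    $stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
} else {
    $stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE username = :u');
    $stmt->bindValue(':u', $username, PDO::PARAM_STR);
}

try {
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    error_log('db error: ' . $e->getMessage());   // log the detail, show the user nothing
    http_response_code(500);
    exit('error');
}

// Output encoding is a separate step: what is safe for SQL is not safe for HTML.
if ($row) {
    echo '<p>' . htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8') . '</p>';
} else {
    echo '<p>not found</p>';
}
```

The same `validate_param` call works unchanged against `$_POST` or `$_REQUEST`, and each rejected or missing value lands in the web server's error log, which covers the "log all errors/issues" item without exposing database messages to the client.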

 
