Posted by lawrence k on 04/15/06 02:50
fletch wrote:
> DOS is simple enough
>
> select * from table1,table2,...tableN
>
> Will cause a cross product to be calculated. If each of three tables has
> 10 rows, the query above will return 10^3=1000 rows.
Right. That leads me into making rules, which is discouraging. I can
see the complexity of the rules rapidly expanding and me still missing
most of the important possible attacks.
> MySQL has good permissions, you could connect to the db as a different
> user and with only a limited set of permissions.
I like that idea. Do you have suggestions of what would constitute a
minimal set of permissions that would still enable outsiders to make
queries that I can think of?
> What about functions?
>
> select LOAD_FILE('/etc/passwd');
I've added a lot of the functions to the forbidden list; I'll probably
end up banning 99% of them.
Or maybe I'll just put all the data in an XML file. This seems,
otherwise, too hard.
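An added example, not from the original thread or either poster, of what a minimal-permission MySQL account for outside queries could look like, covering both the permissions question and the cross-product and LOAD_FILE() points raised above. The database, table and account names (reports_db, products, orders, 'public_ro'@'localhost') and the numeric limits are hypothetical placeholders; the statements themselves are standard MySQL syntax.

```sql
-- Added example (not from the original thread): a least-privilege MySQL
-- account for untrusted query access. reports_db, products, orders and
-- 'public_ro'@'localhost' are hypothetical placeholder names.

-- Weak setting, shown for contrast only: every privilege on every schema,
-- including the global FILE privilege that LOAD_FILE() depends on.
-- GRANT ALL PRIVILEGES ON *.* TO 'webapp'@'%';

-- 1. Create the account with per-hour resource limits so a single client
--    cannot monopolise the server by repeating expensive queries.
CREATE USER 'public_ro'@'localhost'
  IDENTIFIED BY 'replace-with-a-strong-password'
  WITH MAX_QUERIES_PER_HOUR 1000
       MAX_CONNECTIONS_PER_HOUR 100
       MAX_USER_CONNECTIONS 5;

-- 2. Grant SELECT only, and only on the tables meant to be public.
--    No FILE, SUPER or PROCESS privilege and nothing on the mysql schema:
--    without the global FILE privilege LOAD_FILE() simply returns NULL
--    (and the server-side secure_file_priv setting restricts it further).
GRANT SELECT ON reports_db.products TO 'public_ro'@'localhost';
GRANT SELECT ON reports_db.orders   TO 'public_ro'@'localhost';

-- Check that the account holds nothing beyond the two SELECT grants.
SHOW GRANTS FOR 'public_ro'@'localhost';

-- 3. Per-session caps against cross-product blow-ups, issued by the
--    application immediately after it connects as public_ro. Setting
--    max_join_size to a non-default value also turns SQL_BIG_SELECTS off,
--    so a SELECT expected to examine more rows than this is refused.
SET SESSION max_join_size = 100000;
-- MySQL 5.7.8 and later: abort any SELECT that runs longer than 2 s
-- (value is in milliseconds).
SET SESSION max_execution_time = 2000;
```

The first two steps are what the permissions question asks for: SELECT on an explicit table list and nothing global, which is the privilege LOAD_FILE() and similar functions need. The session caps in step 3 address the cross-product problem directly, so the forbidden-function list only has to cover what the grants and limits cannot express, rather than trying to enumerate every dangerous construct.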