Posted by lawrence k on 04/13/06 09:28
Okay, I just backed up my database, just in case.
The whole schema for the database is here:
http://www.accumulist.com/index.php?whatPage=db.php
You can run any SELECT query against this database that you want, and
send it as a GET request. This would be an example:
http://www.accumulist.com/output.php?whatPage=showSqlQuery&sql=select%20id,%20headline,%20tagCloud.private%20from%20tagCloud
The function that returns this checks the query to see if it contains
the words ALTER, DROP, EMPTY, GRANT, UPDATE, INSERT, and a bunch of
others. It calls die() if it sees any of those words.
For obvious reasons, I'm trepidatious about exposing the database to
this degree. What are some of the obvious, and not so obvious, attacks
that I should expect and defend against?
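An added illustration, not code from the post or from the accumulist site: the first function approximates the keyword blacklist the post describes, the second lets the database engine enforce the policy instead, using SQLite's authorizer callback from Python as a stand-in for whatever server database the site runs on. The table names, the users table, the tail of the blocked-word list and the case-insensitive match are all assumptions; the post only names the first six words and its own tagCloud example.

```python
import sqlite3

# Constructed sample data (not the real accumulist schema): a cut-down tagCloud
# table with a private flag, plus a users table that must never be exposed.
SCHEMA = """
CREATE TABLE tagCloud (id INTEGER PRIMARY KEY, headline TEXT, private INTEGER);
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT);
INSERT INTO tagCloud VALUES (1, 'public post', 0), (2, 'hidden post', 1);
INSERT INTO users VALUES (1, 'admin@example.com', 'not-a-real-hash');
"""

# The post names ALTER, DROP, EMPTY, GRANT, UPDATE, INSERT "and a bunch of others";
# the rest of this list is assumed, as is case-insensitive matching.
BLOCKED_WORDS = ("ALTER", "DROP", "EMPTY", "GRANT", "UPDATE", "INSERT",
                 "DELETE", "CREATE", "TRUNCATE", "REPLACE")


def blacklist_allows(sql):
    """Approximation of the filter in the post: refuse if any blocked word appears."""
    upper = sql.upper()
    return not any(word in upper for word in BLOCKED_WORDS)


# Column-level allowlist: table -> columns the public endpoint may touch.
# Everything else (other tables, tagCloud.private, sqlite_master, PRAGMA, any
# write) is refused when the statement is prepared, including columns that only
# appear in WHERE or ORDER BY, which no keyword list can express.
ALLOWED_READS = {"tagcloud": {"id", "headline"}}

SQLITE_RECURSIVE = getattr(sqlite3, "SQLITE_RECURSIVE", 33)  # not exported by every Python version


def _authorizer(action, arg1, arg2, dbname, source):
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:
        table, column = (arg1 or "").lower(), arg2 or ""
        allowed = ALLOWED_READS.get(table)
        # column == "" is SQLite's "table referenced, no column read" (e.g. count(*))
        if allowed is not None and (column == "" or column in allowed):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    if action in (sqlite3.SQLITE_FUNCTION, SQLITE_RECURSIVE):
        return sqlite3.SQLITE_OK  # harmless by themselves; the step budget bounds runtime
    return sqlite3.SQLITE_DENY  # every other action: DDL, DML, PRAGMA, ATTACH, ...


def run_guarded(sql, max_rows=100, max_vm_steps=200_000):
    """Run one read-only statement under the allowlist, a row cap and a CPU budget."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("PRAGMA query_only = ON")  # second line of defence against writes
    budget = {"calls": max_vm_steps // 1000}

    def tick():  # invoked every 1000 VM instructions; non-zero aborts the statement
        budget["calls"] -= 1
        return 1 if budget["calls"] < 0 else 0

    conn.set_progress_handler(tick, 1000)
    conn.set_authorizer(_authorizer)
    try:
        rows = conn.execute(sql).fetchmany(max_rows)  # execute() rejects stacked statements
        return {"ok": True, "rows": rows}
    except (sqlite3.Error, sqlite3.Warning) as exc:  # older Pythons raise Warning for "a; b"
        return {"ok": False, "error": str(exc)}
    finally:
        conn.close()


if __name__ == "__main__":
    probes = [
        "SELECT id, headline FROM tagCloud",                     # intended use
        "select id, headline, tagCloud.private from tagCloud",  # the post's own example
        "SELECT email, password_hash FROM users",                # no blocked word, wrong table
        "SELECT sql FROM sqlite_master",                         # schema read via a catalog table
        "WITH RECURSIVE c(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM c) "
        "SELECT count(*) FROM c",                                # CPU burn, pure SELECT
        "SELECT 1; DROP TABLE tagCloud",                         # stacked statement
    ]
    for sql in probes:
        print(f"blacklist={blacklist_allows(sql)!s:5} guarded={run_guarded(sql)['ok']!s:5}  {sql}")
```

The post's own sample query already reads tagCloud.private, and the blacklist lets it through; the authorizer refuses it, and refuses the same column when it is used only as a filter. Nothing in the blacklist addresses the recursive SELECT either, which never touches a forbidden word and simply runs until the step budget interrupts it. On a server database the equivalent is a dedicated account that holds SELECT only on the columns meant to be public (MySQL, for one, supports column-level SELECT grants), a per-statement row limit and a statement timeout, so that the decision is made by the engine rather than by string matching on the query text.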