PaulDotCom mailing list archives
Re: SQL cheat sheat
From: Jamil Ben Alluch <jamil () autronix com>
Date: Sun, 19 May 2013 10:49:16 -0400
Hello,

I would start with input checking at both the client and server sides. In order to avoid SQL injection, you'll want to make sure that you never pass the user input directly to the database. To sum it up, it all comes down to user input filtering to ensure that none of the SQL escapes are used to do something you do not want done; at the same time this can be used to prevent XSS attacks.

Moreover, you'll probably want to disable warnings and debug information on your production environment, as this could provide additional information to the attacker regarding the target system and the backend database.

It all comes down to checking what the user puts in and what the user gets back.

Hope this helps.

Best Regards,
--
Jamil Ben Alluch, B.Ing., GCIH <http://www.autronix.com>
jamil () autronix com
+1-819-923-3012

On Sat, May 18, 2013 at 11:13 AM, Philip Green <pg () givetechback org> wrote:
Hello PaulDotCom mailing list!

I have a group of programmers working on a site and really, I know more about breaking into stuff than defending. What do you guys think the most important thing(s) to tell programmers when they are coding a database to try and prevent SQL injection attacks from occurring? Any website links would really help as well.

Thanks in advance.

Philip Andrei Green =)

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
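To make the "never pass user input directly to the database" advice concrete, here is an added example (not code from the thread or from any of its participants) that puts the string-concatenation anti-pattern next to a parameterised query and a server-side allow-list check, run against a constructed in-memory SQLite table; the table contents, the probe string and the username pattern are all assumptions made for the demonstration.

```python
import re
import sqlite3

# Constructed sample data for the demonstration; not from the original thread.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """Create an in-memory SQLite database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn, name):
    """Anti-pattern: the input is pasted into the SQL text, so a quote in
    the input changes the structure of the statement itself."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterised query: the driver passes the value separately from the
    SQL text, so whatever the input contains is only ever compared as data."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Assumed username policy: short, lowercase alphanumerics and underscore.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def is_valid_username(name):
    """Server-side allow-list check, used in addition to parameterisation,
    not instead of it (client-side checks can be bypassed)."""
    return USERNAME_RE.fullmatch(name) is not None


def demo():
    """Run both lookups with a constructed, quote-bearing input and report
    how many rows each returns."""
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a single quote
    return {
        "unsafe_rows": len(lookup_unsafe(conn, probe)),  # whole table comes back
        "safe_rows": len(lookup_safe(conn, probe)),      # no user is named that
        "probe_passes_allowlist": is_valid_username(probe),
    }


if __name__ == "__main__":
    print(demo())
```

The unsafe lookup returns every row because the quote turns the WHERE clause into `name = 'x' OR '1'='1'`, while the parameterised lookup returns nothing and the allow-list rejects the input before it ever reaches the query.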
Current thread:
- SQL cheat sheat Philip Green (May 18)
- Re: SQL cheat sheat allison nixon (May 20)
- Re: SQL cheat sheat Bill Swearingen (May 20)
- Re: SQL cheat sheat Youssef Rebahi-Gilbert (May 20)
- Re: SQL cheat sheat Jamil Ben Alluch (May 20)
- Re: SQL cheat sheat Leon Jacobs (May 20)
- Re: SQL cheat sheat Matt Konda (May 20)
- Re: SQL cheat sheat Patrick Laverty (May 20)
- Re: SQL cheat sheat Michael Allen (May 20)
- Re: SQL cheat sheat Guillaume Ross (May 21)
- Re: SQL cheat sheat Joel Gunderson (May 22)
- <Possible follow-ups>
- Re: SQL cheat sheat Ty Purcell (May 20)
- Re: SQL cheat sheat Bruce Barnett (May 20)