PaulDotCom mailing list archives

Re: SQL cheat sheet


From: Jamil Ben Alluch <jamil () autronix com>
Date: Sun, 19 May 2013 10:49:16 -0400

Hello,

I would start with input checking at both the client and server sides. In
order to avoid SQL injection, you'll want to make sure that you never pass
the user input directly to the database.
To sum it up, it all comes down to user input filtering to ensure that none
of the SQL escapes are used to do something you do not want done; at the
same time this can be used to prevent XSS attacks.

Moreover, you'll probably want to disable warnings and debug information on
your production environment, as this could provide additional information
to the attacker regarding the target system and the backend database.

It all comes down to checking what the user puts in and what the user gets
back.

Hope this helps.

Best Regards,



--
Jamil Ben Alluch, B.Ing., GCIH
<http://www.autronix.com>
jamil () autronix com
+1-819-923-3012


On Sat, May 18, 2013 at 11:13 AM, Philip Green <pg () givetechback org> wrote:

Hello PaulDotCom mailing list!

I have a group of programmers working on a site and really, I know more
about breaking into stuff than defending.


What do you guys think the most important thing(s) to tell programmers
when they are coding a database to try and prevent SQL injection
attacks occurring?


Any website links would really help as well.


Thanks in advance.


Philip Andrei Green
=)

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
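The two points in Jamil's reply above (never pass user input directly to the database; don't leak database errors to the client), shown side by side as an added example. This is not code from the thread or from either poster; it uses Python's sqlite3 module with an in-memory table and three constructed rows, and the username policy in the allow-list regex is an assumption for illustration. The vulnerable lookup splices the input into the SQL string; the safe lookup binds it as a parameter, so the driver never parses it as SQL, and the request handler wraps validation, the safe query, and a generic error message that keeps driver details on the server side.

```python
import logging
import re
import sqlite3

log = logging.getLogger("app")

# Allow-list for usernames: 3-32 letters, digits or underscore.
# Assumed policy for this example; adapt to the application's real rules.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")

# Constructed sample rows; not taken from any real system.
SAMPLE_USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]


def setup_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def validate_username(value: str) -> bool:
    """Server-side allow-list check: quotes, comment markers and whitespace all fail."""
    return bool(USERNAME_RE.fullmatch(value))


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Deliberately vulnerable: user input is spliced into the SQL text."""
    query = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the value is bound by the driver, never parsed as SQL."""
    query = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def search_user(conn: sqlite3.Connection, raw_input: str) -> dict:
    """Request handler: validate, query safely, and never return DB errors to the client."""
    if not validate_username(raw_input):
        return {"ok": False, "error": "invalid username"}
    try:
        rows = lookup_safe(conn, raw_input)
    except sqlite3.Error as exc:
        # Full detail stays in the server log; the client sees a generic message.
        log.error("user lookup failed: %s", exc)
        return {"ok": False, "error": "lookup failed"}
    return {"ok": True, "results": rows}


if __name__ == "__main__":
    db = setup_db()
    payload = "' OR '1'='1"
    # The spliced query becomes: ... WHERE username = '' OR '1'='1'  (every row)
    print("vulnerable:    ", lookup_vulnerable(db, payload))
    # The bound parameter is compared literally to the string "' OR '1'='1"
    print("parameterized: ", lookup_safe(db, payload))
    print("handler:       ", search_user(db, payload))
    print("handler:       ", search_user(db, "alice"))
```

The allow-list is a second layer, not a substitute for binding parameters: it rejects the payload outright, but the parameterized lookup returns no rows for it even without the check, which is why the handler does both.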
