It is currently Wed Feb 08, 2012 5:17 pm

All times are UTC + 2 hours [ DST ]




 Post subject: Help PHP database security
PostPosted: Thu Sep 10, 2009 1:00 am 
Offline

Joined: Thu Sep 10, 2009 12:50 am
Posts: 2
What's to stop an attacker from creating this code and using it to gain access to your database credentials?

<?php
include('http://www.url.com/file.php');
//require('');

//hack code "where user logs in, copies/adds all and deletes all, etc."

//where file.php holds the credentials of your mysql database?
?>

Any help on how to block this attack?

Currently using referral redirect, but this is also insecure.

Again, any help on this subject would be much appreciated.


 Post subject: Re
PostPosted: Thu Sep 10, 2009 7:13 am 
Offline

Joined: Thu Sep 10, 2009 12:50 am
Posts: 2
And yes, this is possible with 6 lines of code. Any ideas? As I have noticed, most chat room / customization scripts are vulnerable to this.

The only other idea I seem to find that works, but is not efficient, is IP filtering.


 Post subject:
PostPosted: Thu Sep 10, 2009 4:16 pm 
Offline

Joined: Sun May 02, 2004 11:34 pm
Posts: 6500
Location: toronto, canada
1. place the config file containing the db access above the web root to avoid this

2. add some code to validate that a defined variable is there before allowing access

3. VALIDATE the data being passed to the script

4. ensure that your application validates the user and their permissions

_________________
Lostboy

Cat, the other other white meat

Please read Posting Etiquette before posting

You can always try Google
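Points 1 to 3 of the reply above as an added example; this is not code from the thread or from any poster. It assumes a document root of /var/www/html, a config file one level above it, and a constant named MYAPP_ENTRY; the credentials are constructed placeholders.

```php
<?php
// File: /var/www/config/db.php  (assumed path, ABOVE the document root)
// Point 1: the web server never serves this directory, so no HTTP request,
// whether a browser or an include('http://...') on someone else's server,
// can retrieve the file. Only the application can read it from disk.
// Point 2: refuse to hand out anything unless the real entry point loaded us.
if (!defined('MYAPP_ENTRY')) {           // MYAPP_ENTRY is an assumed constant name
    http_response_code(403);
    exit('Direct access not permitted');
}
return [
    'host' => 'localhost',
    'user' => 'app_user',                // constructed placeholder credentials
    'pass' => 'change-me',
    'name' => 'app_db',
];
```

```php
<?php
// File: /var/www/html/index.php  (assumed path, the only public entry point)
define('MYAPP_ENTRY', true);

// Point 1 again: load the config by filesystem path, never by URL.
// __DIR__ keeps the path relative to this script, so the config stays
// one directory above the document root wherever the site is deployed.
// (php.ini: allow_url_include=Off, the default, also stops include() from
// fetching remote URLs on this server.)
$config = require __DIR__ . '/../config/db.php';

$db = new mysqli($config['host'], $config['user'], $config['pass'], $config['name']);
if ($db->connect_error) {
    error_log('DB connect failed: ' . $db->connect_error);  // log it, never echo it
    exit('Service unavailable');
}

// Point 3: validate input before it reaches the database, then bind it as a
// parameter so the value is treated as data rather than as part of the query.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid id');
}
$stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
echo htmlspecialchars($row['name'] ?? 'not found', ENT_QUOTES, 'UTF-8');
```

Point 4 (checking who the user is and what they may do) sits in the same entry point before the query runs; what it looks like depends entirely on the application's session and role model.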

