MySQL Security Overview - Testing Web Forms (Page 4 of 4 )
Make sure that your scripts have all the safeguards in place when dealing with user input no matter how trivial the data in your database might seem. To test whether your web forms are properly protected, enter ''' into your web form. If you get any kind of MySQL error, then you should look at your scripts and try to work it out, because it may be a vulnerability that you cannot afford to have when using MySQL over the Internet.
Enter random characters, special symbols and spaces in fields that are meant to be numeric. If you see a MYSQL error, it means that your script passes unchecked values to your MySQL query. This is very dangerous and should not happen.
Data escaping and data filtering is very important when dealing with databases, and different scripting languages offer different functions to help escape form data. Some of the functions offered by PHP include mysql_escape_string(), addslashes() and stripslashes(). Other programming languages will have their own like Perl's "quote()".
Conclusion
This article talked about the general guidelines that you need to follow in order to make MySQL as safe as possible. This is by no means a exhaustive list of guidelines, but it will make your MYSQL server more secure. In future articles we will discuss the MySQL Privilege System.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
/ 18 
