When should you start to worry about MySQL security? When you start to use the MySQL server over an Internet connection. Why? Because that is when your MySQL server is going to be the most vulnerable to all kinds of attacks, such as alterations and denial of service.
Make sure that your scripts have all the safeguards in place when dealing with user input no matter how trivial the data in your database might seem. To test whether your web forms are properly protected, enter ''' into your web form. If you get any kind of MySQL error, then you should look at your scripts and try to work it out, because it may be a vulnerability that you cannot afford to have when using MySQL over the Internet.
Enter random characters, special symbols and spaces in fields that are meant to be numeric. If you see a MySQL error, it means that your script passes unchecked values to your MySQL query. This is very dangerous and should not happen.
Data escaping and data filtering are very important when dealing with databases, and different scripting languages offer different functions to help escape form data. Some of the functions offered by PHP include mysql_escape_string(), addslashes() and stripslashes(). Other programming languages have their own, such as Perl's "quote()".
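The numeric-field test described above, as an added example that is not part of the original article: the same constructed form inputs are passed to a lookup that pastes the value into the query and to one that validates the field and binds it as a parameter. It uses PDO prepared statements rather than the escaping functions named above; the products table, the function names and the in-memory SQLite database standing in for MySQL are assumptions made so the script runs offline.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so the script runs offline.
// Against MySQL only the DSN changes, e.g. 'mysql:host=localhost;dbname=shop' (placeholder).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)'); // hypothetical table
$pdo->exec("INSERT INTO products VALUES (1, 'widget'), (2, 'gadget')");

// Unsafe: the form value is pasted into the query text unchecked.
function lookup_unsafe(PDO $pdo, string $id): string {
    try {
        $row = $pdo->query("SELECT name FROM products WHERE id = $id")->fetch();
        return $row ? $row['name'] : 'not found';
    } catch (PDOException $e) {
        return 'SQL ERROR';   // the symptom the article tells you to look for
    }
}

// Safe: validate the numeric field first, then bind it as a parameter.
function lookup_safe(PDO $pdo, string $id): string {
    if (!ctype_digit($id)) {  // digits only; empty string is rejected too
        return 'rejected';
    }
    $stmt = $pdo->prepare('SELECT name FROM products WHERE id = ?');
    $stmt->execute([(int)$id]);
    $row = $stmt->fetch();
    return $row ? $row['name'] : 'not found';
}

// Constructed inputs of the kind the article suggests typing into a numeric field.
foreach (['1', "'", 'abc', '1 2', '#$%'] as $input) {
    printf("%-7s unsafe=%-10s safe=%s\n",
        var_export($input, true),
        lookup_unsafe($pdo, $input),
        lookup_safe($pdo, $input));
}
```

Every non-numeric input reaches the database in the unsafe lookup and surfaces as a SQL error, while the safe lookup rejects it before any query is built.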
Conclusion
This article talked about the general guidelines that you need to follow in order to make MySQL as safe as possible. This is by no means an exhaustive list of guidelines, but it will make your MySQL server more secure. In future articles we will discuss the MySQL Privilege System.