Sql Injection How Do I Prevent It by pagolina: 12:34pm On Jun 29, 2009 |
Can somebody help me? I run my application with PHP and MySQL. How do I prevent it from being hacked via the login field? Thank you. |
Re: Sql Injection How Do I Prevent It by yawatide(f): 5:09pm On Jun 29, 2009 |
For one, sanitize your form input. |
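One way to apply this advice to a PHP login check, as an added example that is not part of the original thread: bind the form values as query parameters instead of concatenating them into the SQL string. The table, columns and sample inputs are constructed, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Added example: table, columns and inputs are constructed for illustration.
// SQLite in memory stands in for MySQL; a MySQL DSN and credentials would replace it.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also let the server do the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
$ins->execute(['ada', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns the user id on success, null on any failure.
 */
function login(PDO $pdo, $username, $password)
{
    // A crafted form can submit arrays (user[]=...); accept strings only.
    if (!is_string($username) || !is_string($password)) {
        return null;
    }
    // The SQL text is fixed. The username travels separately as a bound value,
    // so quotes inside it are never parsed as SQL. This replaces building the
    // query by concatenating $username into the string.
    $stmt = $pdo->prepare('SELECT id, pass_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is checked in PHP against the stored hash, not in the query.
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

$attempts = [
    ['ada', 'correct horse'],        // valid credentials
    ['ada', 'wrong'],                // wrong password
    ["ada' OR '1'='1", 'anything'],  // quote characters stay data and match no row
    [['ada'], 'correct horse'],      // non-string input is rejected
];
foreach ($attempts as $attempt) {
    list($user, $pass) = $attempt;
    var_dump(login($pdo, $user, $pass));
}
```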
Re: Sql Injection How Do I Prevent It by lojik(m): 5:33pm On Jun 29, 2009 |
Aside from yawa-ti-de's post, encrypt your password from the client side. You could use JavaScript MD5. That helps. View the Yahoo login page source; that's how it's done. |
Re: Sql Injection How Do I Prevent It by nitation(m): 5:58pm On Jun 29, 2009 |
@lojik I will strongly advise the poster not to take your advice. How does encrypting a password protect you from SQL INJECTION? I think most Naija has turned programming to Oshodi high-way where everyone off-ramps as they like. Your solution is nothing but a B-IIIIG Lie. Who taught you that? Where did you attend your own school? Give me your project that you applied such method and see if it will not be bypassed. Anyway, here is a method. |
Re: Sql Injection How Do I Prevent It by lojik(m): 7:30pm On Jun 29, 2009 |
@nitation sorry about that advice. It might not relate to the topic because, rather than answer the topic, I probably responded to the question content about "h-ack-ing via the login field". I might have overlooked the topic after reading the content of his question.

However, though it doesn't prevent SQL injection, it prevents hackers using listeners (http://3d2f.com/tags/password/sniffers/) from listening to passwords entered by your client before reaching your server. Refer to http://infotech.indiatimes.com/articleshow/msid-553621,flstry-1.cms for the Yahoo hash function.

Other relevant MD5 resources for you:
http://perl-md5-login.sourceforge.net/
http://pajhome.org.uk/crypt/md5/auth.html
http://www.phpeasystep.com/phptu/26.html
http://en.kioskea.net/faq/sujet-2157-how-to-store-and-verify-a-password

@poster, no harm meant o. You can still implement my advice as it proves more secure than sending plain passwords over the internet. I use it on all my login pages; Yahoo and every major global web app uses it. |
Re: Sql Injection How Do I Prevent It by nitation(m): 8:12pm On Jun 29, 2009 |
And who says MD5 cannot be decrypted? lol - nitation |
Re: Sql Injection How Do I Prevent It by kolitos007: 8:41pm On Jun 29, 2009 |
The question you have asked has been discussed before; see https://www.nairaland.com/nigeria?topic=285400.msg4051845#msg4051845 |
Re: Sql Injection How Do I Prevent It by Nobody: 3:39am On Jun 30, 2009 |
nitation:moi . . . you guys should just take it easy already |
Re: Sql Injection How Do I Prevent It by lojik(m): 8:01am On Jun 30, 2009 |
nitation: MD5 decryption requires a lot of computing power and moreover, I use a self-modified version? As far as I know, it's still the most difficult to decrypt. Close to impossible, they say (because you need enormous computing power to do that to the algorithm). |
Re: Sql Injection How Do I Prevent It by nitation(m): 9:43am On Jun 30, 2009 |
[s]Post ten correct MD5 hashes on this board.[/s] Note that MD5 is not regarded as the best method of encryption - nitation |
Re: Sql Injection How Do I Prevent It by kolitos007: 12:16pm On Jun 30, 2009 |
Poster, has your problem been solved, as it's all going all over again? |
Re: Sql Injection How Do I Prevent It by kehers(m): 3:44pm On Jun 30, 2009 |
Yeah, yeah, MD5 is not a 100% foolproof way of encrypting DB passwords. But then, na naija we dey now, how many people really care about going that extra mile to hack you down (except of course you are Interswitch or so), so it's no crime running your encryption on MD5. But for the word sha, MD5 is not 100% safe (search around the web for rainbow tables and you'll understand). I've stopped using MD5 for a while now. I use a password hashing algorithm you can check out here: http://www.openwall.com/phpass/ It guarantees better encryption security. |
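The difference between unsalted MD5 and a salted password hash, shown as an added example that is not part of the original thread. It uses PHP's built-in password_hash() with bcrypt rather than the phpass library linked above, and adds a login-time upgrade path for rows that still hold MD5; the passwords and the function name verifyAndUpgrade are constructed for illustration.

```php
<?php
// Added example; passwords and the stored-hash layout are constructed.

/**
 * Verify a password against a stored hash that may still be legacy unsalted MD5.
 * Returns [bool $ok, ?string $newHash]; $newHash is set when the stored value
 * should be replaced with a fresh salted bcrypt hash.
 */
function verifyAndUpgrade($password, $stored)
{
    // Legacy rows hold exactly 32 lowercase hex characters.
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        $ok = hash_equals($stored, md5($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_BCRYPT) : null];
    }
    $ok = password_verify($password, $stored);
    $stale = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT);
    return [$ok, $stale ? password_hash($password, PASSWORD_BCRYPT) : null];
}

// Unsalted MD5: two users with the same password store the same value, so one
// precomputed hash-to-password table covers both of them and every other site.
$md5UserA = md5('letmein');
$md5UserB = md5('letmein');
echo "MD5 rows identical: ";
var_dump($md5UserA === $md5UserB);

// bcrypt embeds a fresh random salt in each hash, so the stored values differ
// and a table built in advance does not apply; both still verify.
$bcryptA = password_hash('letmein', PASSWORD_BCRYPT);
$bcryptB = password_hash('letmein', PASSWORD_BCRYPT);
echo "bcrypt rows differ: ";
var_dump($bcryptA !== $bcryptB);
echo "both verify: ";
var_dump(password_verify('letmein', $bcryptA) && password_verify('letmein', $bcryptB));

// Migration: a correct login against an MD5 row yields a bcrypt replacement.
list($ok, $newHash) = verifyAndUpgrade('letmein', $md5UserA);
echo "legacy login ok, upgraded to bcrypt: ";
var_dump($ok && strpos($newHash, '$2y$') === 0);

// A wrong password against the same row fails and produces no new hash.
list($okWrong, $noHash) = verifyAndUpgrade('wrong', $md5UserA);
echo "wrong password rejected: ";
var_dump($okWrong === false && $noHash === null);
```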
Re: Sql Injection How Do I Prevent It by yawatide(f): 4:05pm On Jun 30, 2009 |
kehers, I don't think you should go into developing a web app with that mentality. By so saying, you are implying that only people in Nigeria will view/want to harm your app. That's just like saying that since the game of mancala is an African one (what is mancala? google it), that nothing should be done to alter it in terms of making the game better. Always code with the greater picture in mind. In the end, you will be a better programmer for it. |
Re: Sql Injection How Do I Prevent It by kolitos007: 4:35pm On Jun 30, 2009 |
yawa-ti-de: Fair point, hackers do it for fun, and will just try to break anything no matter what country you are in. |