 
PerlMonks  

Re: Use placeholders. For SECURITY!

by theAcolyte (Pilgrim)
on Nov 21, 2003 at 11:58 UTC (#308853)


in reply to Use placeholders. For SECURITY!

Sorry for a pretty late reply to this post. While I agree with Tilly's post (using placeholders being a Good Thing), if your database is open to subjugation via SQL injection, you ought to rethink a few things ...

I don't have any "professional" programming education, but it became apparent to me on my first day of playing with MySQL that you ought to do two things when you have a database table storing credit card info on the web (or anything else that sensitive):

  • Access that table with a MySQL user that ONLY has write access permission. You can even set up a 2nd db that has NO user with read permissions (no user that submits a web form). Also, I generally assume you would not choose to name the table of CC numbers something obvious like table_creditcards.
  • Encrypt the CC data in the table

I would imagine, even if you don't understand the idea of placeholders, or preventing an SQL injection attack, this ought to stop many potential problems.

BTW, if I'm completely wrong, and these steps accomplish nothing, tell me. :-)

- theAcolyte
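
The write-only account from the post above combined with the placeholders this thread is about, as an added MySQL example that is not part of theAcolyte's post. The database `shop`, table `payment_cards`, account `web_intake` and the password placeholder are hypothetical, and the card data is assumed to be encrypted by the application before it reaches the database.

```sql
-- Added example. All object names are hypothetical and do not come from the post.

-- 1. As an administrative account: create the table, then an account
--    that holds INSERT on that one table and nothing else.
CREATE DATABASE IF NOT EXISTS shop;

CREATE TABLE IF NOT EXISTS shop.payment_cards (
    id          BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    order_ref   VARCHAR(64)    NOT NULL,
    -- Ciphertext only. Assumption: the application encrypts the card data
    -- before the INSERT, with a key the web tier cannot use to decrypt.
    card_cipher VARBINARY(512) NOT NULL,
    created_at  TIMESTAMP      NOT NULL DEFAULT CURRENT_TIMESTAMP
);

CREATE USER 'web_intake'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET';  -- placeholder, not a real value

GRANT INSERT ON shop.payment_cards TO 'web_intake'@'localhost';

-- Review the result: only USAGE plus INSERT on the one table should be listed.
SHOW GRANTS FOR 'web_intake'@'localhost';

-- 2. As web_intake (the account the web form connects with):
--    the values travel as placeholder parameters, never as SQL text.
PREPARE add_card FROM
    'INSERT INTO shop.payment_cards (order_ref, card_cipher) VALUES (?, ?)';

SET @order_ref   = 'ORDER-0001';           -- constructed sample value
SET @card_cipher = UNHEX('00112233');      -- constructed stand-in for ciphertext

EXECUTE add_card USING @order_ref, @card_cipher;
DEALLOCATE PREPARE add_card;

-- 3. Still as web_intake: each of these needs a privilege the account
--    was never granted, so the server rejects it.
SELECT card_cipher FROM shop.payment_cards;
UPDATE shop.payment_cards SET order_ref = 'x' WHERE id = 1;
DELETE FROM shop.payment_cards WHERE id = 1;
```

The grant only limits what a statement running as `web_intake` can do to this one table; every other account and table the application uses needs the same review, and the placeholders are still what keep user input out of the SQL text.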

