Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Re: Use placeholders. For SECURITY!

by theAcolyte (Pilgrim)
on Nov 21, 2003 at 11:58 UTC ( #308853=note: print w/ replies, xml ) Need Help??

in reply to Use placeholders. For SECURITY!

Sorry for a pretty late reply to this post. While I agree with Tilly's post (using placeholders being a Good Thing) if your database is open to subjugation via sql injection, you ought to rethink a few things ...

I don't have any "professional" programming education, but it became aparent to me on my first day of playing with mySQL that you ought to do two things when you have a database table storing credit card info on the web (or anything else that sensitive):

  • Acesses that table with a mySQL user that ONLY has write access permission. You can even set up a 2nd db that has NO user with read permissions (no user that submits a web form). Also, I generally assume you would not chose to name the table of CC numbers something obvious like table_creditcards.
  • Encrypt the CC data in the table

I would imagine, even if you don't understand the idea of placeholders, or preventing a sql injection attack, this ought to stop many potential problems.

BTW, if I'm completely wrong, and these steps accomplish nothing, tell me. :-)

- theAcolyte

Comment on Re: Use placeholders. For SECURITY!

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://308853]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (8)
As of 2015-10-06 22:38 GMT
Find Nodes?
    Voting Booth?

    Does Humor Belong in Programming?

    Results (163 votes), past polls