PerlMonks  

Re: is this script secured enough from internet attacks

by moritz (Cardinal)
on Jun 10, 2011 at 12:23 UTC ( [id://909106]=note )


in reply to is this script secured enough from internet attacks

The antiInjection sub is bullshit. The real way to prevent SQL injections is to use prepared statements and placeholders, instead of disallowing use of some SQL keywords in data.

The checks for "forbidden characters" in the params depend on what you want to do with them eventually, so there's no way for us to assess if it's secure for your use case.

Replies are listed 'Best First'.
Re^2: is this script secured enough from internet attacks
by tercoz (Acolyte) on Jun 17, 2011 at 08:31 UTC
    Thank you, I shall remove that sub. As I am new here I don't know how to give points. I want to thank you and other people for helping me (points); which way can I do so?

      Prepared statements and placeholders don't always work as expected (for example FreeTDS has problems there).

      unpack could cover all injection attempts:

      'INSERT INTO foo(bar) VALUES(0x'.unpack('H*',$value).')'


        How does this unpack H* insert into work?
        there are no rules, there are no thumbs..
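
The two approaches discussed in this thread, side by side, as an added example that is not part of any post. It assumes DBI and DBD::SQLite are installed and uses an in-memory database; the table `foo(bar)` comes from the snippet above and the sample values are constructed. The `0x...` statement is only printed, not executed, because how a `0x` literal is typed depends on the database.

```perl
#!/usr/bin/perl
# Added example, not code from the thread.
# Assumptions: DBI + DBD::SQLite available; sample values are constructed.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE foo (bar TEXT)');

# Constructed inputs: a quote, an injection-shaped string, and a harmless
# string that a keyword blacklist would wrongly reject.
my @values = ("O'Reilly",
              "x'); DROP TABLE foo; --",
              "SELECT is just a word here");

# 1. Placeholders: the SQL text is fixed at prepare time and each value is
#    bound as data, so quotes and keywords in it are never parsed as SQL.
my $sth = $dbh->prepare('INSERT INTO foo (bar) VALUES (?)');
$sth->execute($_) for @values;

my ($count) = $dbh->selectrow_array('SELECT COUNT(*) FROM foo');
print "rows stored: $count\n";
print "  stored verbatim: $_\n"
    for @{ $dbh->selectcol_arrayref('SELECT bar FROM foo ORDER BY rowid') };

# 2. unpack('H*', ...): every byte of the value becomes two hex digits, so
#    the text spliced into the statement contains only [0-9a-f] and cannot
#    close a quote or start a new statement. It works on bytes, so character
#    strings must be encoded first.
for my $value (@values) {
    my $hex = unpack('H*', $value);
    die "unexpected character in hex output" unless $hex =~ /\A[0-9a-f]*\z/;
    die "round trip failed" unless pack('H*', $hex) eq $value;
    print "INSERT INTO foo(bar) VALUES(0x$hex)\n";
}
```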
