Comments (5)
starek4
commented on August 20, 2024
Seems good do it this way:
https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
from fly.
lyarenei
commented on August 20, 2024
Thanks for the reference. But we will now have to get some SQL injections for testing the prevention. The simple ones which I managed to think about are not working. The server responds with error when execution assembled absolutely correct SQL query. Maybe it's just like php has some basic protection against them as you said.
I have conceptually modified one of the UserRepo class method to use the SQL stmt preparation, but I will leave this change locally at my PC, until we discover some SQL injections. I can, however, send you a copy if you want to.
from fly.
starek4
commented on August 20, 2024
It needs to be protected. Only mysqli doesn't protect app properly.
Consider this PHP script. You can apply this injection on any column in our DB.
require_once(__DIR__ . "/db/Db.php");
$name = "admin' OR 1=1 -- ";
$db = new Db();
var_dump($db->Select("SELECT Pass FROM Users WHERE login = '$name' "));from fly.
lyarenei
commented on August 20, 2024
I think, I have completed injection prevention for Query method (proper testing needed, did some quick tests and it passed), but unfortunately Select doesn't go that well.
from fly.
lyarenei
commented on August 20, 2024
All right, it should be all done and hopefully working without any problems.
Changes pushed in 99aaf30
from fly.
Related Issues (20)
- Add logging to web api HOT 1
- Secure password (prevent read password from memory dump [WPF, UNIX]) HOT 2
- Client - separete API HOT 1
- Exception when using same pc by different users... HOT 1
- Windows client - persistance HOT 1
- Design - rework HOT 3
- Video showing and describing Fly app's
- Windows WPF - network error handling HOT 1
- Add install and uninstall scripts for OSX HOT 1
- Add OSX building into FlyUnix makefile HOT 1
- Release fly version 1.1 with OSX client HOT 1
- New phone app HOT 2
- Webpage update - new actions HOT 1
- Web API - support new features HOT 1
- Edit database schema for supporting new features HOT 1
- Implement new features at windows, linux and mac client for fly v2. HOT 2
- Get rid of richardszalay/mockhttp HOT 2
- Find out how detect if logger running on Windows UWP or Windows WPF.
- Remember MAC address of clients HOT 1
- Implement waking mechanism from clients for specific MAC adresses HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fly.