PHP, MySql Hacking? - need advice!


Anti-Moronic


For obvious reasons, I wouldn't want any links to these sites or resources in this thread. I'd like some advice on where to find *modern* hacking techniques used against php and mysql.

I'd prefer some info on PM so that not everybody is exposed to such sites - even suggested queries for google because I'm having a hard time finding reliable information.

Also, does anybody have any advice on security books for say network (apache), php, mysql?

I doubt I'll get a pm so if I do, I'll donate $20 to charity today! lol


I've actually seen some articles on this. I wish I had them to share with you. Mostly they were just going over SQL injections. That seems to be the major way of doing it, and there are a lot of prebuilt functions to handle it. Most of them deal with simply stripping out code from input before it's processed. And as far as network security goes: DENY ALL except what you say, not the other way around. That means shutting down unnecessary ports in your firewalls and setting up your network to only recognize YOUR hardware. So that even if someone was to crack your passwords, the network would still deny them.

Let's face it, nothing is perfect though; it's all about how secure the information you have needs to be. Obviously you're not the FBI or a federal government agency, and as long as you're not trying to secure something like client personal financial information, what I've said above should be more than sufficient.


As mentioned above, SQL injections are probably the most common way to exploit a script. A large margin of the code written by novice (and even intermediate) developers usually passes user input directly to SQL queries, which is potentially very bad news. The most reliable way to avoid injection is to use only prepared statements when interacting with the database.


In novice code, lack of authentication is also an issue. E.g. accepting an object identifier from the user where these object identifiers are shared between all users, and not validating the owner of the object before using it in the script. Extreme novice code may even allow users to log themselves in just by passing the username or user id in the url :)

In intermediate code, not authenticating object identifiers is still a huge issue in my experience.

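The two points raised in the replies above (prepared statements instead of input pasted into the query, and checking the owner of an object id before using it) in one PHP/PDO example. This is an added illustration, not code from anyone in the thread; the `documents` table, its `owner_id` column and the connection details are assumed.

```php
<?php
// BEFORE: the user-supplied id is concatenated straight into the SQL text, and
// nothing checks that the requested document belongs to the logged-in user.
// This is the pattern the replies above warn about; kept here only as contrast.
function getDocumentUnsafe(PDO $db, string $docId): ?array
{
    $sql = "SELECT id, owner_id, title, body FROM documents WHERE id = $docId";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// AFTER: a prepared statement sends the values separately from the SQL text,
// so they can never change the query's structure, and the owner is part of the
// WHERE clause, so an id belonging to another user simply returns no row.
function getDocument(PDO $db, int $docId, int $currentUserId): ?array
{
    $stmt = $db->prepare(
        'SELECT id, owner_id, title, body FROM documents WHERE id = ? AND owner_id = ?'
    );
    $stmt->execute([$docId, $currentUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Usage (assumed table and credentials): validate the id's type before it gets
// near the query, and take the current user from the server-side session,
// never from the URL, which is the "log in by passing a user id" mistake above.
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares in MySQL
]);
session_start();
$docId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($docId === false || $docId === null || !isset($_SESSION['user_id'])) {
    http_response_code(400);
    exit;
}
$doc = getDocument($db, $docId, (int) $_SESSION['user_id']);
if ($doc === null) {
    http_response_code(404); // same answer whether the row is missing or not yours
    exit;
}
echo htmlspecialchars($doc['title'], ENT_QUOTES, 'UTF-8');
```

Returning 404 for both "no such row" and "not your row" avoids confirming to a caller which ids exist.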
