Okay, I just backed up my database, just in case. The whole schema for the database is here: http://www.accumulist.com/index.php?whatPage=db.php

You can run any SELECT query against this database that you want, and send it as a GET request. This would be an example: http://www.accumulist.com/output.php...rom%20tagCloud

The function that returns this checks the query to see if it contains the words ALTER, DROP, EMPTY, GRANT, UPDATE, INSERT, and a bunch of others. It calls die() if it sees any of those words.

For obvious reasons, I'm trepidatious about exposing the database to this degree. What are some of the obvious, and not so obvious, attacks that I should expect and defend against?
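The keyword check described in the post, written out as an added example that is not part of the original post or the site's code: it requires a single statement that starts with SELECT before applying a whole-word keyword match. The function name, the length limit and the sample column names are assumptions; the keyword list holds only the six words the post names.

```php
<?php
// Added example, not the site's code. Only the six words named in the post
// are listed; the post says the real list is longer.
const DENIED_WORDS = ['ALTER', 'DROP', 'EMPTY', 'GRANT', 'UPDATE', 'INSERT'];
const MAX_QUERY_LEN = 1000; // assumed limit, not from the post

/** Returns null when the query passes, otherwise the reason it was rejected. */
function reject_reason(string $sql): ?string
{
    $sql = trim($sql);
    if ($sql === '' || strlen($sql) > MAX_QUERY_LEN) {
        return 'empty or too long';
    }
    // Allowlist first: the statement has to start with SELECT.
    if (!preg_match('/^SELECT\b/i', $sql)) {
        return 'not a SELECT statement';
    }
    // One statement per request: refuse any statement separator.
    // This also refuses a ';' inside a string literal, which is accepted here.
    if (strpos($sql, ';') !== false) {
        return 'statement separator';
    }
    // Whole-word, case-insensitive match, so a column such as
    // last_updated is not mistaken for the keyword UPDATE.
    $pattern = '/\b(' . implode('|', DENIED_WORDS) . ')\b/i';
    if (preg_match($pattern, $sql, $m)) {
        return 'denied keyword: ' . strtoupper($m[1]);
    }
    return null;
}

// Constructed sample queries. tagCloud comes from the post's example URL;
// the column names are made up for illustration.
$samples = [
    'SELECT * FROM tagCloud',
    'select tag, last_updated from tagCloud',
    'SELECT 1; SELECT 2',
    'DROP TABLE tagCloud',
    "SELECT tag FROM tagCloud WHERE tag = 'drop'", // keyword inside a literal
];
foreach ($samples as $q) {
    $why = reject_reason($q);
    $verdict = $why === null ? 'ALLOW' : 'REJECT';
    printf("%-7s %s%s\n", $verdict, $q, $why === null ? '' : "  [$why]");
}
```

The last sample is rejected even though `drop` is only a string value, which shows that a keyword match cannot tell data from SQL. For that reason a check like this works as a second layer behind a database account that is granted SELECT only on the tables meant to be public.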