Preventing MySQL Injection
Sonja Parson
COSC 5010, Security Presentation
April 26, 2005
Introduction

- Used PHP, MySQL, and HTML for this project
- Can be accessed from the web
- Username and password needed to be secure
- Wanted to protect against SQL injection attacks
MySQL Query Problems

Regular expression matching

- Period (.): matches any character (including carriage return and newline)
- [:alnum:]: matches any alphanumeric character

Single quote (')

- Ends the quoted value in a query
- Now you can type your own query into the field
Simple Solutions

- Make sure that you limit the length of a parameter; this helps prevent someone from sending a query to the database through the username or password fields
- Use secure passwords
A Few Functions (PHP)

- mysql_escape_string()
- mysql_real_escape_string()
- crypt()
mysql_escape_string()

- Escapes a string for use in a MySQL query
- Does not escape % and _
- Does not respect the current charset setting
- Example:

<?php
// Constructed input containing a single quote
$item = "Sonja's Laptop";
// Backslash-escape the characters MySQL treats specially
$escaped_item = mysql_escape_string($item);
printf("%s\n", $escaped_item);
?>

- Would return:

Sonja\'s Laptop
mysql_real_escape_string()

- Identical to mysql_escape_string(), but is connection oriented
- Takes into account the current charset of the database connection
- mysql_real_escape_string($unescaped_string, $link_to_database);
crypt()

- crypt() is a one-way string encryption (hashing)
- Uses the standard DES-based encryption scheme
- Uses the string and a salt to encrypt the string
- If the salt is not provided, one is randomly generated by PHP each time the function is called
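As an added example that is not part of Sonja Parson's slides, the following login check combines the three defences above: the parameter length limit, a query that user input cannot terminate, and crypt() with a random salt. It assumes PHP 7.1 or later with the pdo_sqlite extension, uses an in-memory SQLite table in place of a MySQL server so it runs offline, and uses PDO prepared statements instead of mysql_real_escape_string(), which was removed in PHP 7; the bcrypt "$2y$" scheme replaces the old DES scheme.

```php
<?php
// Added example, not code from the original presentation.
// Assumes PHP >= 7.1 with pdo_sqlite; SQLite stands in for MySQL here.

const MAX_FIELD_LEN = 64;   // "limit the length of a parameter"

// One-way hash with an explicit random salt (crypt() as the slides describe,
// using bcrypt instead of DES; PHP 8 requires the salt to be supplied).
function hashPassword(string $password): string {
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return crypt($password, '$2y$10$' . $salt);
}

function checkLogin(PDO $db, string $user, string $password): bool {
    // Reject oversized input before it reaches the database at all.
    if (strlen($user) > MAX_FIELD_LEN || strlen($password) > MAX_FIELD_LEN) {
        return false;
    }
    // Parameterised query: a single quote inside $user is sent as data,
    // so it cannot end the quoted value and start a new SQL clause.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false;   // unknown user
    }
    // crypt() re-uses the salt embedded in the stored hash; compare in
    // constant time so timing does not leak how many bytes matched.
    return hash_equals($hash, crypt($password, $hash));
}

// Constructed demo data: one user in an in-memory table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$ins->execute(['sonja', hashPassword('correct horse')]);

// Valid credentials, wrong password, a username containing the single quote
// from the "MySQL Query Problems" slide, and an over-long username.
var_dump(checkLogin($db, 'sonja', 'correct horse'));
var_dump(checkLogin($db, 'sonja', 'wrong password'));
var_dump(checkLogin($db, "sonja'", 'correct horse'));
var_dump(checkLogin($db, str_repeat('a', MAX_FIELD_LEN + 1), 'correct horse'));
```

Only the first call should succeed; the quoted username simply fails to match any row rather than altering the statement.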
Conclusion

- By using the aforementioned functions, you can secure your database from unwanted attacks (assuming you wrote good enough code)
- Websites are easy to hack when you have the source code
- Website is secure from SQL injection attacks
- SQL injection attacks are easy to do, but can also be easily guarded against
References

PHP, MySQL functions
- http://pt.php.net/manual/en/ref.mysql.php

MySQL Reference Manual: MySQL Regular Expressions
- http://dev.mysql.com/doc/mysql/en/regexp.html