sqlinjectdefense
Preventing MySQL Injection
Sonja Parson
COSC 5010
Security Presentation
April 26, 2005
Introduction
Used PHP, MySQL, and HTML for this project
Can be accessed from the web
Username and password needed to be secure
Wanted to protect against SQL injection attacks
MySQL Query Problems
Regular Expression Matching
Period (.): matches any character (including carriage return and newline)
[:alnum:]: matches any alphanumeric character
Single Quote ('): ends the quoted string in a query
Now you can type your own SQL into the field
Simple Solutions
Make sure that you limit the length of each parameter
Helps prevent someone from sending a query to the database through the username or password fields
Use secure passwords
A Few Functions (PHP)
mysql_escape_string()
mysql_real_escape_string()
crypt()
mysql_escape_string()
Escapes a string for use in a MySQL query
Does not escape % and _ (the LIKE wildcards)
Does not respect the current charset setting
Example:
<?php
// mysql_escape_string() was deprecated in PHP 5.3 and removed in PHP 7;
// it prepends a backslash to characters such as the single quote.
$item = "Sonja's Laptop";
$escaped_item = mysql_escape_string($item);
printf("%s\n", $escaped_item);
?>
Would return:
Sonja\'s Laptop
mysql_real_escape_string()
Identical to mysql_escape_string(), but connection oriented
Takes into account the current charset of the database connection
mysql_real_escape_string($unescaped_string, $link_to_database);
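As an added example (not from the slides), the following Python models the escaping the slides describe: it builds the login query with and without escaping, enforces the length limit from the Simple Solutions slide, then reads the string literals back the way MySQL would, so you can check that the database sees exactly the values the application sent. The escape table is the one the PHP manual documents for mysql_real_escape_string(); the 32-character limit, the `users` table and its column names are assumptions, and the model assumes a single-byte or UTF-8 connection charset.

```python
import re

# Added model of the escaping the slides describe: build the login query, then
# read it back the way MySQL would, to check the database sees the intended values.
MAX_PARAM_LEN = 32  # constructed limit, per the slide's "limit the length" advice

# Characters mysql_real_escape_string() escapes, per the PHP manual. % and _
# are not in this table, so an escaped value is still not safe inside LIKE.
_ESCAPES = {"\x00": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
            "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
_UNESCAPES = {"0": "\x00", "n": "\n", "r": "\r", "\\": "\\",
              "'": "'", '"': '"', "Z": "\x1a"}
_LITERAL = re.compile(r"'((?:\\.|[^'\\])*)'", re.DOTALL)  # one quoted literal

def escape_string(value: str) -> str:
    """Backslash-escape a value for use inside a quoted MySQL literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_login_query(username: str, password: str, escape: bool = True) -> str:
    """Build the username/password SELECT (assumed table and columns).
    escape=False reproduces the vulnerable concatenation the slides warn about."""
    if len(username) > MAX_PARAM_LEN or len(password) > MAX_PARAM_LEN:
        raise ValueError("parameter exceeds length limit")
    if escape:
        username, password = escape_string(username), escape_string(password)
    return f"SELECT id FROM users WHERE username = '{username}' AND password = '{password}'"

def parse_literals(query: str):
    """Return each single-quoted literal as MySQL would read it (unescaped),
    or None if a quote is left open. Simplified: the '' doubled form is ignored."""
    literals, pos = [], 0
    for m in _LITERAL.finditer(query):
        literals.append(re.sub(r"\\(.)", lambda e: _UNESCAPES.get(e[1], e[1]), m[1], flags=re.DOTALL))
        pos = m.end()
    return None if "'" in query[pos:] else literals

def literals_match(query: str, expected: list) -> bool:
    """True only when the literals the database reads equal the intended values."""
    return parse_literals(query) == expected

if __name__ == "__main__":
    for esc in (True, False):
        q = build_login_query("O'Brien", "pw", escape=esc)
        print("escaped" if esc else "raw    ", literals_match(q, ["O'Brien", "pw"]), q)
```

With escaping the literals read back as the two intended values; without it the apostrophe in "O'Brien" closes the username literal early and the query is left with an unterminated quote.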
crypt()
crypt() is a one-way string encryption (hashing)
Uses the standard DES-based encryption scheme
Uses the string and a salt to encrypt the string
If the salt is not provided, one is randomly generated by PHP each time the function is called
Conclusion
By using the aforementioned functions, you can secure your database from unwanted attacks (assuming you wrote good enough code)
Websites are easy to hack when you have the source code
Website is secure from SQL injection attacks
SQL injection attacks are easy to do, but can also be easily guarded against
References
PHP, MySQL functions: http://pt.php.net/manual/en/ref.mysql.php
MySQL Reference Manual: MySQL Regular Expressions: http://dev.mysql.com/doc/mysql/en/regexp.html