Well, I've been working with logins and stuff, and I just thought: if you store values in cookies on the user's machine, could the user possibly inject a SQL query into their cookie instead, to exploit the login depending on how it is coded?
You need to clean any data that comes from the user that is going to "touch" the database. The best practice would be to clean any data that touches the database, internal or external, to ensure you won't run into issues. -Bing
You could use mysql_real_escape_string. Example for a SELECT query:

```php
<?php
// mysql_real_escape_string() escapes relative to the currently open
// mysql_connect() link, so a connection must be established before use.

$userinput_1   = "skyfe";
$bad_userinput = " ' OR 1 = 1"; // however, this user input isn't so bad yet

// This would be a query that could be abused by user input:
$bad_query = mysql_query("SELECT id FROM accounts WHERE username = '$userinput_1' AND password = '$bad_userinput' ");

// Good protected query, no SQL injections possible:
$good_query = mysql_query("SELECT id FROM accounts WHERE username = '" . mysql_real_escape_string($userinput_1) . "' AND password = '" . mysql_real_escape_string($bad_userinput) . "' ");
?>
```

Skyfe.
Limit cookie expiration time, and use IP tracking with cookies; I mean, track the IP in the DB with the associated cookie. There are too many ways to prevent injections. I hope my tips will be useful for you. Best of luck.
A cookie is like any other input from the user: you have to sanitize it before using it for ANYTHING. In the case of the cookie, it's very easy because you created the values in the cookie, so you know exactly what form they should take. Just make sure they do indeed take that form, and strip or escape any nasty characters, and you're fine.
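The cookie-borne injection asked about in the question, and the two defences from the replies above (treat the cookie as untrusted input, and check that it has exactly the shape you issued), as an added example that is not part of any post in this thread. It is written in Python against an in-memory SQLite database rather than the PHP/MySQL of the posts, because the mechanics are identical and it runs offline; it uses bound query parameters instead of mysql_real_escape_string. All names (VALID_TOKEN, parse_cookie_header, lookup_vulnerable, lookup_safe, authenticate) and the sample account and attacker cookie are constructed for this example.

```python
import re
import sqlite3

# Constructed sample token: the only valid session in the toy database.
VALID_TOKEN = "3f9c2b7e5a1d4c8f9e0b6a2d1c3e5f7a"

# Session tokens this (hypothetical) application issues are always 32 lowercase
# hex digits, so anything else is something we never set and can be rejected.
TOKEN_RE = re.compile(r"[0-9a-f]{32}")


def make_db():
    """In-memory SQLite database with one logged-in account (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT, session_token TEXT)"
    )
    conn.execute("INSERT INTO accounts VALUES (1, 'alice', ?)", (VALID_TOKEN,))
    conn.commit()
    return conn


def parse_cookie_header(header):
    """Split a raw Cookie header into a dict. Deliberately permissive, like many
    hand-rolled parsers: the value is whatever the client chose to send."""
    cookies = {}
    for part in header.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        cookies[name.strip()] = value.strip()
    return cookies


def lookup_vulnerable(conn, token):
    """The pattern the thread warns about: the cookie value is pasted into the SQL text."""
    sql = f"SELECT id, username FROM accounts WHERE session_token = '{token}'"
    return conn.execute(sql).fetchone()


def lookup_safe(conn, token):
    """Same query with a bound parameter: the value travels separately from the
    statement, so it can never change the statement's structure."""
    sql = "SELECT id, username FROM accounts WHERE session_token = ?"
    return conn.execute(sql, (token,)).fetchone()


def is_valid_token(token):
    """Allow-list check on the cookie's shape before it touches the database."""
    return token is not None and TOKEN_RE.fullmatch(token) is not None


def authenticate(conn, cookie_header):
    """Full path: parse cookie -> check its shape -> parameterised lookup.
    Returns the username, or None when the cookie is absent, malformed or unknown."""
    token = parse_cookie_header(cookie_header).get("session")
    if not is_valid_token(token):
        return None
    row = lookup_safe(conn, token)
    return row[1] if row else None


if __name__ == "__main__":
    conn = make_db()
    # Constructed attacker cookie: closes the quote, ORs in a tautology, comments out the rest.
    evil = "session=' OR 1=1 --; theme=dark"
    evil_token = parse_cookie_header(evil)["session"]
    print("vulnerable lookup:  ", lookup_vulnerable(conn, evil_token))  # (1, 'alice')
    print("parameterised lookup:", lookup_safe(conn, evil_token))       # None
    print("authenticate(evil): ", authenticate(conn, evil))             # None
    print("authenticate(real): ", authenticate(conn, "session=" + VALID_TOKEN))  # alice
```

The concatenated query turns into `WHERE session_token = '' OR 1=1 --'`, which matches every row, so the attacker is logged in as the first account without knowing any token. The bound-parameter version compares the literal string `' OR 1=1 --` against the column and finds nothing, and the shape check rejects it before a query is even built; in a real application you want both, since the format check also stops the value reaching any other sink (logs, templates, shell commands) that the cookie might be used in. Note that the payload `' OR 1 = 1` from the earlier post leaves a dangling quote and only produces a syntax error in this query; the trailing `--` comment is what makes the attack succeed.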
I'm looking for a web application firewall that will protect my website from all those attacks. I don't have the time to secure my code; any suggestions? I did some quick research and found a few solutions out there: Imperva, dotDefender, Sentry, Deny-All, ModSecurity and a few others. Do you have any experience with one of the products above? Thanks for any guidelines or direction. Tom
Tom, sorry, but I almost fell off my chair when I saw this. You really should take the time to review your code and filter inputs from the users. Third-party systems that sit between your application and the rest of the world were not intended to fix security issues that should otherwise have been handled at the code level. My suggestion: take the time to secure what you write. If you don't have the time, then take the code offline until you have the time to audit it. Security of your code should be a requirement of any development. -Bing