Results 1 to 4 of 4

Thread: Script injection attacks on mysql

  1. 24th September 2008, 10:50 PM #1
    RFH Customer: webb0
    webb0 is offline Red Fox Hosting Customer
    Join Date
    Jun 2005
    Location
    London
    Posts
    24
    Thanks
    2
    Thanked 1 Time in 1 Post

    Default Script injection attacks on mysql

    I'm used to working with ASP/SQL Server and know quite a few databases have been infected by script injection attacks. As well as some defensive programming I normally use stored procedures and a user id with the minimum amount of permissions necessary in my connect string to prevent this.
    However I noticed in an earlier post that per user permissions are not supported. I'm new to mysql and just finding my way round phpmyadmin - I cant see anything about stored procedures.
    Just wondered if/how other people are handling this ? (I'm using asp/mysql). Any tips/re-assurance appreciated.
    cheers
    Reply With Quote Reply With Quote
  2. 24th September 2008, 11:48 PM #2
    nick's Avatar
    RFH Reseller: nick
    nick is offline Red Fox Hosting Reseller (Guru - PHP)
    Join Date
    Mar 2005
    Location
    Isle of Man
    Posts
    1,261
    Thanks
    3
    Thanked 23 Times in 23 Posts

    Default

    As far as I know PHPMyAdmin does not provide an interface to stored procedures. You can obviously create and view them manually by executing sql within PHPMyAdmin.

    There are many apps you can use to interact with your database that have a gui for creating and viewing stored procedures.

    Either way, you should be able to protect your SQL sufficiently by escaping the input and/or using prepared statements.
    I'm a designer and a programmer
    Reply With Quote Reply With Quote
  3. 25th September 2008, 08:35 AM #3
    Tanzy
    Tanzy is offline Forum Member
    Join Date
    Mar 2005
    Location
    Hampshire
    Posts
    432
    Thanks
    4
    Thanked 3 Times in 3 Posts

    Default

    You can download the GUI tools for mySQL from here

    http://dev.mysql.com/downloads/gui-tools/5.0.html

    I must admit that I prefer to use them than PHPMyAdmin

    Just chill
    Reply With Quote Reply With Quote
  4. 9th October 2008, 08:58 PM #4
    RFH Customer: webb0
    webb0 is offline Red Fox Hosting Customer
    Join Date
    Jun 2005
    Location
    London
    Posts
    24
    Thanks
    2
    Thanked 1 Time in 1 Post

    Default

    Thanks for your advice guys. So far mySql seems pretty nice to work with. I've been using asp so far as it's what I know I can code quickly - next step is to go the whole hog and try a bit of php.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. SQL - Warning Injection via querystring
    By SKILLIT in forum MSSQL
    Replies: 2
    Last Post: 23rd July 2007, 07:03 PM
  2. Mail Script
    By chet in forum Web Applications and Scripts
    Replies: 3
    Last Post: 13th May 2007, 08:38 PM
  3. Website Attacks
    By JamesU2002 in forum Garble
    Replies: 2
    Last Post: 26th January 2006, 07:24 PM
  4. forum script
    By Space Cowboy in forum Forum/Community Applications
    Replies: 23
    Last Post: 14th December 2005, 05:23 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules