Jump to content

Archived

This topic is now archived and is closed to further replies.

Ninjakreborn

mysql(other) with viruses

Recommended Posts

Is it possible for a Mysql, MsAccess, or other database server to get some sort of virus. For instance, say you have a virus, on a document, or on a zip file, or any other type of file, and you download it to your computer, your computer becomes affective. If you have a form, that accepts an attachment, and that attachment is either getting downloaded to the server, or to the mysql database, could either the server, or the database get a virus from the file, or more of, does the virus stay within the file, and then every time someone browsing the site calls, it for instance, I am working on a site, people submit stuff to the database, files actually, and other people can view those files, if someone sends a file in with a virus I need to find out
1. Can it affect the database
2. Can it affect the server
3. Does it stay in the file and make every person who downloads it get infected.
4. If it does happen like that, is there any way for me to virus scan before it goes into the database, virus scan the database, or virus scan the server if it's on the server, or do a scan before the person downloads, thanks for the advice, I appreciate it.

Share this post


Link to post
Share on other sites
A virus is a peice of executable code.
If it isn't executed, it doesn't do damage. Databases are nothing more then a unit of organized storage.
They can't get infected unless you aquire the file on the computer and then run it yourself.

Most servers don't do anything but "Serve".... It would think it would be pretty unusual for it to execute uploaded information.

If a hacker knows where his uploads are being placed, he could potentially upload a virus, and then execute a mallicious php script he uploaded too that calls the system() function (which would execute the code).

But essentially you don't have much to worry about so long as you guard your writable remote directorys.

Thanks to microsoft, they execute stuff without asking for your permission half of the time which is why getting viruses via email is such a big deal. In every other situation your pretty safe from that sort of thing.

I would think that once you've aquired a virus that was uploaded to your site, handing it back out to more people is another issue you could look at. For they could potentially download it and "execute" it without knowing otherwise.

Share this post


Link to post
Share on other sites
Can I get something on my server to scan the viruses before database entry, and reject them incase, so there is no chance for a end user, getting something malicious, that would not be cool, if someone started getting viruses from a site I built, that would be embarrasing, or does mysql have any sort of functions to pick up on viruses(I doubt,) but it's worth asking.

Share this post


Link to post
Share on other sites
MySQL knows nothing about this -- it just stores raw data, and doesn't "do" anything with it. As far as uploads are concerned, you're obviously using middleware to handle it, so I don't see any reason why you can't scan attachment at that level. Provided you're not doing anything fancy -- like giving you users SUPER permissions or the ability to make UDFs and things like that -- MySQL won't be at fault.

Share this post


Link to post
Share on other sites
I don't know what middle ware is, it's simply a place where people can upload stuff, that is funny, so other people can view it later when they call the database. I just want to make sure and see if there is a way for me to scan the files for viruses, at some point or another to protect end users from getting viruses when they look at, or download the files from the site.

Share this post


Link to post
Share on other sites
PHP is your middleware -- the place "between" the user and the MySQL database. Once you have the uploaded file, do with it as you please: if you want to scan it, go nuts.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.