Jump to content


Photo

mysql(other) with viruses


  • Please log in to reply
6 replies to this topic

#1 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 02 June 2006 - 12:55 PM

Is it possible for a Mysql, MsAccess, or other database server to get some sort of virus. For instance, say you have a virus, on a document, or on a zip file, or any other type of file, and you download it to your computer, your computer becomes affective. If you have a form, that accepts an attachment, and that attachment is either getting downloaded to the server, or to the mysql database, could either the server, or the database get a virus from the file, or more of, does the virus stay within the file, and then every time someone browsing the site calls, it for instance, I am working on a site, people submit stuff to the database, files actually, and other people can view those files, if someone sends a file in with a virus I need to find out
1. Can it affect the database
2. Can it affect the server
3. Does it stay in the file and make every person who downloads it get infected.
4. If it does happen like that, is there any way for me to virus scan before it goes into the database, virus scan the database, or virus scan the server if it's on the server, or do a scan before the person downloads, thanks for the advice, I appreciate it.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#2 lead2gold

lead2gold
  • Members
  • PipPipPip
  • Advanced Member
  • 164 posts
  • LocationOttawa, On

Posted 02 June 2006 - 01:15 PM

A virus is a peice of executable code.
If it isn't executed, it doesn't do damage. Databases are nothing more then a unit of organized storage.
They can't get infected unless you aquire the file on the computer and then run it yourself.

Most servers don't do anything but "Serve".... It would think it would be pretty unusual for it to execute uploaded information.

If a hacker knows where his uploads are being placed, he could potentially upload a virus, and then execute a mallicious php script he uploaded too that calls the system() function (which would execute the code).

But essentially you don't have much to worry about so long as you guard your writable remote directorys.

Thanks to microsoft, they execute stuff without asking for your permission half of the time which is why getting viruses via email is such a big deal. In every other situation your pretty safe from that sort of thing.

I would think that once you've aquired a virus that was uploaded to your site, handing it back out to more people is another issue you could look at. For they could potentially download it and "execute" it without knowing otherwise.

#3 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 02 June 2006 - 02:05 PM

Can I get something on my server to scan the viruses before database entry, and reject them incase, so there is no chance for a end user, getting something malicious, that would not be cool, if someone started getting viruses from a site I built, that would be embarrasing, or does mysql have any sort of functions to pick up on viruses(I doubt,) but it's worth asking.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#4 fenway

fenway
  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 02 June 2006 - 03:03 PM

MySQL knows nothing about this -- it just stores raw data, and doesn't "do" anything with it. As far as uploads are concerned, you're obviously using middleware to handle it, so I don't see any reason why you can't scan attachment at that level. Provided you're not doing anything fancy -- like giving you users SUPER permissions or the ability to make UDFs and things like that -- MySQL won't be at fault.
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.

#5 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 02 June 2006 - 03:06 PM

I don't know what middle ware is, it's simply a place where people can upload stuff, that is funny, so other people can view it later when they call the database. I just want to make sure and see if there is a way for me to scan the files for viruses, at some point or another to protect end users from getting viruses when they look at, or download the files from the site.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#6 fenway

fenway
  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 03 June 2006 - 03:12 AM

PHP is your middleware -- the place "between" the user and the MySQL database. Once you have the uploaded file, do with it as you please: if you want to scan it, go nuts.
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.

#7 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 03 June 2006 - 01:02 PM

sounds good

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users