This topic is now archived and is closed to further replies.

phil88

Security question, how can this be hacked?

Yes, it will return 1 for a match and 0 for no match.

Ok, thanks for the help. I shall try and incorporate that into what I already have.




I'm still questioning the security of sessions though, so if anyone can explain how secure they are, or point me towards an article or something, it would be much appreciated.

What are you trying to develop? I am not sure who said it, but no matter what you do, if someone wants in they will get in.

Now the most common way to crack a site is by database insertion.

Here are two examples. These assume that you know the username and are trying to bypass the password.


' OR 1=1#
An explanation of this example:

The first step was to add a single quote, followed by an OR 1=1 condition, which always returns true, and a hash mark (#), which represents an SQL comment making the rest of the statement irrelevant.

Another example:

' OR ''='

This is basically the same, except that it is used for a different style of login script.

This is why I use mysql_real_escape_string.

Now, as far as sessions go: if you are that worried about your site getting cracked (there is a difference between a hacker and a cracker), then I would read up on sessions (maybe some kind of session_hash), cookies, and possibly recording the user's IP address.

Also, you might want to require a spam key; a lot of sites have them at their contact form. If you do all of this you still will not be totally secure, but like Bussiness man said (I think it was him), all you can do is your best and hope to god it is good enough.

Good luck,
Tom

Well, at the moment I'm not really developing anything specific, just making various scripts and seeing if I can get in using a web browser to places I shouldn't.


Is mysql_real_escape_string a surefire way of preventing all kinds of mysql injections?


Thanks for the tips about session_hash and spam keys, I shall have to read up on them as I've never heard of either of them :p *gets googling*


Edit: I just realised I do know what a spam key is, didn't realise that's what it was called though.

Edit 2: Is session hashing basically getting the session ID and something unique to the user's computer, like IP address, hashing them together, then storing that hash as a session variable, comparing it with a server-stored copy of that hash for that particular user, and if the hashes are different then it's been modified?

mysql_real_escape_string is not the only way to prevent SQL injection; you can mix it with other PHP code, like removing all those dangerous tags.

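Added example, not code from any poster in this thread: the `' OR ''='` input quoted above, run against a login query built by string concatenation and then against the same lookup done with a bound parameter. The in-memory SQLite table, the account and the function names are constructed for illustration.

```php
<?php
// Added example: constructed data and hypothetical function names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, pass_hash TEXT)');
// "password" is the plaintext column an old-style script compares against;
// "pass_hash" is what the parameterized version checks.
$pdo->prepare('INSERT INTO users VALUES (?, ?, ?)')
    ->execute(['phil', 's3cret', password_hash('s3cret', PASSWORD_DEFAULT)]);

// Pattern the thread's inputs target: user input pasted into the SQL text.
function loginConcatenated(PDO $pdo, string $user, string $pass): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE username = '$user' AND password = '$pass'";
    return (int) $pdo->query($sql)->fetchColumn() > 0;
}

// Bound parameter: the input is sent as data and never parsed as SQL,
// so no escaping step is needed and quoting context does not matter.
function loginPrepared(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();          // false when no such user
    return is_string($hash) && password_verify($pass, $hash);
}

$quoted = "' OR ''='";   // second input quoted in the thread

foreach (['s3cret', 'wrong', $quoted] as $pass) {
    printf("%-12s concatenated=%s prepared=%s\n", $pass,
        var_export(loginConcatenated($pdo, 'phil', $pass), true),
        var_export(loginPrepared($pdo, 'phil', $pass), true));
}
```

With the quoted input, the concatenated query's WHERE clause becomes `(username = 'phil' AND password = '') OR ('' = '')`, which matches every row, while the prepared version treats the same string as a password that fails verification.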
