Anti-Moronic Posted November 24, 2010

For obvious reasons, I wouldn't want any links to these sites or resources in this thread. I'd like some advice on where to find *modern* hacking techniques used against PHP and MySQL. I'd prefer some info by PM so that not everybody is exposed to such sites - even suggested queries for Google, because I'm having a hard time finding reliable information.

Also, does anybody have any advice on security books for, say, network (Apache), PHP, MySQL?

I doubt I'll get a PM, so if I do, I'll donate $20 to charity today! lol

efficacious Posted November 25, 2010

I've actually seen some articles on this. I wish I had them to share with you. Mostly they were just going over SQL injections. That seems to be the major way of doing it, and there are a lot of prebuilt functions to handle it. Most of them deal with simply stripping out code from input before it's processed.

And as far as network security goes: DENY ALL except what you say, not the other way around. That means shutting down unnecessary ports in your firewalls and setting up your network to only recognize YOUR hardware, so that even if someone was to crack your passwords, the network would still deny them.

Let's face it, nothing is perfect though; it's all about how secure the information you have needs to be. Obviously you're not the FBI or a federal government agency, and as long as you're not trying to secure things like client personal financial information, what I've said above should be more than sufficient.

jim_keller Posted November 25, 2010

As mentioned above, SQL injections are probably the most common way to exploit a script. A large margin of the code written by novice (and even intermediate) developers usually passes user input directly to SQL queries, which is potentially very bad news. The most reliable way to avoid injection is to use only prepared statements when interacting with the database.

btherl Posted November 25, 2010

In novice code, lack of authentication is also an issue. E.g., accepting an object identifier from the user where these object identifiers are shared between all users, and not validating the owner of the object before using it in the script. Extreme novice code may even allow users to log themselves in just by passing the username or user id in the URL.

In intermediate code, not authenticating object identifiers is still a huge issue in my experience.
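
The two defenses raised in the replies above (prepared statements, and checking that the logged-in user owns the requested object) can be combined in one query. This is an added example, not code from any poster in the thread; the `invoices` table, the function names and the sample rows are constructed, and an in-memory SQLite database accessed through PDO stands in for MySQL so the script runs on its own.

```php
<?php
// Added example: constructed schema and data; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, memo TEXT)');
$pdo->exec("INSERT INTO invoices (id, owner_id, memo) VALUES (1, 10, 'alice invoice'), (2, 20, 'bob invoice')");

// Before (hypothetical): request input is concatenated into the SQL text,
// and nothing ties the requested row to the logged-in user.
function fetchInvoiceUnsafe(PDO $pdo, string $id): array
{
    $sql = "SELECT id, owner_id, memo FROM invoices WHERE id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After (hypothetical): the id is validated and bound as a parameter, so it is
// only ever treated as data, and the owner condition is part of the same query,
// so a row belonging to another user is never returned.
function fetchInvoice(PDO $pdo, int $sessionUserId, string $id): ?array
{
    if (!ctype_digit($id)) {
        return null; // reject anything that is not a plain non-negative integer
    }
    $stmt = $pdo->prepare(
        'SELECT id, memo FROM invoices WHERE id = :id AND owner_id = :owner'
    );
    $stmt->execute([':id' => (int) $id, ':owner' => $sessionUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The user id comes from the server-side session, never from the URL or form.
$sessionUserId = 10;
$crafted = '2 OR 1=1'; // constructed request value

// Unsafe path: the crafted value becomes part of the WHERE clause.
var_dump(count(fetchInvoiceUnsafe($pdo, $crafted)));

// Hardened path: own invoice, another user's invoice, and the crafted value.
var_dump(fetchInvoice($pdo, $sessionUserId, '1'));
var_dump(fetchInvoice($pdo, $sessionUserId, '2'));
var_dump(fetchInvoice($pdo, $sessionUserId, $crafted));
```

Run with the PHP CLI (`pdo_sqlite` enabled) and compare the row count from the unsafe function with the three results from the hardened one.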