
SQL Injections


Thread replies: 9
Thread images: 2

Why are they so dangerous? Couldn't you write a simple client side java string that would just return an error if certain characters were entered? How could you bypass code like this?
>>
>>58049059
>Why are they so dangerous?
Because they expose your database.

>Couldn't you write a simple client side java string that would just return an error if certain characters were entered?
1) You still need server side sanitation, because people can write their own malicious clients.
2) Banning characters is a bad idea; do you really want to prevent certain characters from being used in stuff like passwords? Imagine if 4chan banned the character ', then how would I write isn't, don't etc?

>How could you bypass code like this?
Write my own client to send a string to the server.

The proper approach here is to use prepared statements in addition to whatever sanitation method you use.
>>
>>58049105

Write your own client? Do you mean something that would bypass the Java that's checking the string?
>>
>>58049059

> client side

you can't trust the client
>>
It's not about the client, it's about the server...
>>
>>58049144
>Write your own client? Do you mean something that would bypass the Java that's checking the string?
Yes.

Basically what >>58049277 says, you can't trust the client.
>>
>>58049144
Kinda, OP has written "a simple client side java [...]", so what happens if I write my own client?
>>
Thanks Anons
>>
>>58049059
>client-side sanitation
kek


This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.