Bellerophon symbol, variation 7 jonath.co.uk
Wednesday 14th Mar 2007 22:05:17
Inject, infect, object and reject.
Blimey. Just noticed a bunch of comments in the comments table that didn't make any sense. The comments were complete gibberish (with not even a cryptic mention of various forms of Viagra) and referenced a blog entry that didn't even exist. This got me thinking about SQL injection. Hmmmm. So, I've been going through every single form (yeah, okay, so there aren't many), every single query, completely removing any means by which SQL injection could occur. I mean, it was pretty secure before, in that even a successful attempt at SQL injection wouldn't really have revealed much, as the database user account this thing logs in as is extremely limited, barely able to create a new record in the comments table and that's about it, let alone create/delete/amend/view any other records in any other tables. So yeah . . . I keep thinking I should also have one of those distorted images of alphanumeric characters, that you have to type out in a text box somewhere before people can post comments, but the amount of web-bots hitting my web-site (i.e. not very many at all) posting adverts for said pharmaceuticals hasn't really necessitated that . . . yet.

Add your comment (or not):

Name:
URL:
Comment: