PHP and SQL Security

Please create an account to participate in the Slashdot moderation system

PHP and SQL Security 305

Posted by CmdrTaco on Tuesday April 27, 2004 @10:38AM from the getting-your-edumacation dept.

An anonymous reader writes "PHP and SQL Security are being proven more weak every day. Uberhacker.Com is running a PHP and SQL security research project to raise awareness of secure scripting. The site hosts guides to secure PHP programming, forums, and scripting challenges to see who can create the most secure scripts."

This discussion has been archived. No new comments can be posted.

PHP and SQL Security

Search 305 Comments Log In/Create an Account

Comments Filter:

Here come the jokes... (Score:0, Funny)

by caluml ( 551744 ) writes: <slashdot&spamgoeshere,calum,org> on Tuesday April 27, 2004 @10:41AM (#8983905) Homepage

When the site falls over, cue the jokes about PHP and MySQL, from the battle-hardened Perl and Postgres veterans.

Share
twitter facebook
"more weak"? (Score:5, Funny)

by Junks Jerzey ( 54586 ) writes: on Tuesday April 27, 2004 @10:43AM (#8983925)

How about "weaker" :P

Share
twitter facebook
Re:Here come the jokes... (Score:3, Funny)

by tcopeland ( 32225 ) * writes: <tom&thomasleecopeland,com> on Tuesday April 27, 2004 @10:44AM (#8983941) Homepage

When/if it does, here's the first challenge:

PHP GAUNTLET CHALLENGE 1 Challenge : Create Article Submition, Display, and Approval System Submitted by : April 10th, 2004 (Date may be changed, number of submitions pending) Requirements: See Below Welcome to the first of many PHP GAUNTLET CHALLEGES. The concept behind these challenges is to have a user create an article submition, display, and approval system. This system has to utilize an SQL database, have email functions, and be portable. When I say "portable" I mean that it should be easily transferable from different template desigins. A good example of an article submition system is the one at Slashdot.org. Specific Requirements: 1. The PHP scripts must be universally executable, meaning, they should be able to be moved to any directory (structure intact) and work properly. 2. The PHP scripts must have a include file called "connect.php", in this file, you should be able to specify the database server, passoword, and userid. An Example of this can be seen below : $dbuser = ''; $dbpass = ''; $dbhost = ''; $dbdatabase = ''; $db = mysql_connect("$dbhost"); mysql_select_db("$dbdat abase",$db); 3. The PHP script must be able to be included into an area of a page, allowing for ease of portability. 4. Register Globals will be on. 5. You will be given 1 database, and unlimited tables. 6. The PHP script must have an article display, submition, and approval system. 7. The submition system must work in conjunction with the approval system. Once something is submitted, it should be able to be emailed to the site webmaster, and then approved by a URL in the email. I know that most of this seems complicated, and very specific. However, I am attempting to make everything as such to give everyone a fair chance. If you wish to add any features, please do so. I will hopefully be submitting an example script for everyone to look off of soon.

Parent Share
twitter facebook
Should I submit this one? (Score:5, Funny)

by blcamp ( 211756 ) writes: on Tuesday April 27, 2004 @10:45AM (#8983951) Homepage

This one is pretty secure...

<?php

// Try to break into this script!
echo "Hello World!";

?>

Share
twitter facebook
magic_quotes (Score:5, Funny)

by ftzdomino ( 555670 ) writes: on Tuesday April 27, 2004 @10:46AM (#8983970)

You could also enable magic_quotes in your php.ini. However, if you\'re too dumb to know the basics of sql, chances are your program won\'t work quite right.

Share
twitter facebook
I can't take a security sight seriously that... (Score:5, Funny)

by bbzzdd ( 769894 ) writes: on Tuesday April 27, 2004 @10:50AM (#8984003)

uses MS Comic font for their articles. Sorry.

Share
twitter facebook
Re:I can't take a security sight seriously that... (Score:5, Funny)

by daeley ( 126313 ) * writes: on Tuesday April 27, 2004 @11:04AM (#8984185) Homepage

Never mind that, they're using a <font> tag to achieve it! The horror! ;)

Parent Share
twitter facebook
404d! (Score:5, Funny)

by michael path ( 94586 ) * writes: on Tuesday April 27, 2004 @11:07AM (#8984239) Homepage Journal

Maybe someone can write a PHP script to take care of the 404 error that occurs when you click on the "home [uberhacker.com]" link on Uberhacker.com [uberhacker.com].

Bad Design Überalles.

Share
twitter facebook
SQL injection 101 ... (Score:5, Funny)

by zonix ( 592337 ) writes: on Tuesday April 27, 2004 @11:11AM (#8984272) Journal

People! Remember the quotes! Do:

delete from table where id = '$var'

Not:

delete from table where id = $var

Try for $var = "10 and id = 11 and id = 12 ...".
z

Share
twitter facebook
Re:Should I submit this one? (Score:5, Funny)

by horza ( 87255 ) writes: on Tuesday April 27, 2004 @11:21AM (#8984409) Homepage

You sound like a security expert. I'm told one of my scripts might be insecure, do you think you could tighten up the following:

<a href="$PHP_SELF?command=date">Click here to see the date</a>
<?php // Try to break into this script!
if ($command) echo system($command);
?>

Thanks,

Phillip.

Parent Share
twitter facebook
Security? (Score:2, Funny)

by natefanaro ( 304646 ) writes: <natefanaro@gmail.com> on Tuesday April 27, 2004 @12:16PM (#8985165) Journal

Why worry about security when your site's been slashdotted? No one can get to it so no one can hack it!!!

Share
twitter facebook
Re:A bad workman blames his tools (Score:3, Funny)

by Wakkow ( 52585 ) * writes: on Tuesday April 27, 2004 @12:52PM (#8985658) Homepage

*clears throat* .. I'd like to take a minute to talk about shop safety. Be sure to read, understand, and follow, all the safety rules that come with your powertools. Knowing how to use your power tools properly will greatly reduce the risk of personal injury. And remember this, there is no more important safety rule than to wear these.. safety glasses.

I wonder if anyone else watches Norm that reads /.

Parent Share
twitter facebook
Re:No. (Score:1, Funny)

by eril ( 759876 ) writes: on Tuesday April 27, 2004 @03:04PM (#8987427)

I sent my insecure scripts to counseling and they feel much better about themselves now.

Parent Share
twitter facebook
Re:Should I submit this one? (Score:2, Funny)

by Finuvir ( 596566 ) writes: <rparle@soylen t r e d . net> on Tuesday April 27, 2004 @03:41PM (#8988112) Homepage

Obviously you've been on slashdot too long to understand humour any more...

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

PHP and SQL Security 305

PHP and SQL Security More Login

PHP and SQL Security

Here come the jokes... (Score:0, Funny)

"more weak"? (Score:5, Funny)

Re:Here come the jokes... (Score:3, Funny)

Should I submit this one? (Score:5, Funny)

magic_quotes (Score:5, Funny)

I can't take a security sight seriously that... (Score:5, Funny)

Re:I can't take a security sight seriously that... (Score:5, Funny)

404d! (Score:5, Funny)

SQL injection 101 ... (Score:5, Funny)

Re:Should I submit this one? (Score:5, Funny)

Security? (Score:2, Funny)

Re:A bad workman blames his tools (Score:3, Funny)

Re:No. (Score:1, Funny)

Re:Should I submit this one? (Score:2, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot