
MySQL database security?

Discussion in 'General Scripting Chat' started by Ice Cube, Jan 11, 2012.

  1. Ice Cube

    Ice Cube Registered Member

    Joined:
    Aug 18, 2011
    Messages:
    57
    Likes Received:
    2
    Hey guys, I was wondering how I can make my MySQL database safe from SQL injection and XSS exploits.
     
  2. CraigNewmark

    CraigNewmark Registered Member

    Joined:
    Oct 8, 2009
    Messages:
    99
    Likes Received:
    73
    Occupation:
    Stuff
    Location:
    San Fran
    A bunch of different ways. If you are writing a custom app you can control permissions to record inserts, not allow different characters to be inserted and unless you need other people to insert data, don't. Not allowing $_GET and only using $_POST will help as well.
     
  3. Cdman

    Cdman Power Member

    Joined:
    Jul 7, 2011
    Messages:
    608
    Likes Received:
    36
    Random question. My friend and I know nothing about MySQL or anything, but we recently bought a site that uses it. He needed to change some files and insert my password for the server or something. It's not possible for others to see this file, right?
     
  4. Ice Cube

    Ice Cube Registered Member

    Joined:
    Aug 18, 2011
    Messages:
    57
    Likes Received:
    2
    Any easier way to do it for someone like me with 0 coding experience?
     
  5. bushbabie21

    bushbabie21 Executive VIP Jr. VIP Premium Member

    Joined:
    May 27, 2010
    Messages:
    459
    Likes Received:
    165
  6. kaidoristm

    kaidoristm Power Member

    Joined:
    Feb 13, 2009
    Messages:
    561
    Likes Received:
    726
    Occupation:
    Freelancer
    Location:
    Estonia
    Home Page:
    Without coding, nope.
    The best answer for PHP would be PHP 5.3.0 and above with mysql_real_escape_string();
     
  7. Ice Cube

    Ice Cube Registered Member

    Joined:
    Aug 18, 2011
    Messages:
    57
    Likes Received:
    2
  8. bushbabie21

    bushbabie21 Executive VIP Jr. VIP Premium Member

    Joined:
    May 27, 2010
    Messages:
    459
    Likes Received:
    165
  9. makingfastcash22

    makingfastcash22 Senior Member

    Joined:
    Feb 15, 2009
    Messages:
    1,152
    Likes Received:
    178
    Home Page:
    How can we apply this for wordpress blog databases?

    I have been hacked before and it sucks. :(
     
  10. bushbabie21

    bushbabie21 Executive VIP Jr. VIP Premium Member

    Joined:
    May 27, 2010
    Messages:
    459
    Likes Received:
    165
    This is a WordPress plugin. I have it. Let me check the DNS list, but if it's not on there, I will upload it shortly.
     
  11. BlueZero

    BlueZero Power Member

    Joined:
    Jul 6, 2011
    Messages:
    500
    Likes Received:
    257
    Occupation:
    Webdeveloper, Project Manager
    Location:
    Byte in the Net
    Home Page:
    The only way to be 100% bulletproof against SQL injections is using MySQL prepared statements.

    mysql_real_escape_string works in most cases too, but it's not bulletproof.
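    Putting posts 6 and 11 side by side in code (an added example, not code posted in this thread): the same lookup written with plain string concatenation, with mysqli_real_escape_string(), and as a prepared statement, plus output encoding for the XSS half of the original question. The table `users`, its column names and the connection credentials are assumptions for illustration; the old mysql_* extension was removed in PHP 7, so this uses mysqli.

```php
<?php
// Added example, not from the thread. Assumes a table
// users(id INT, username VARCHAR(64), bio TEXT) and the credentials below.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of silently failing
$db = new mysqli('localhost', 'appuser', 'secret', 'appdb');
$db->set_charset('utf8mb4'); // escaping is charset-dependent; set it on the connection

$username = $_GET['user'] ?? '';

// 1. Vulnerable: input concatenated into the SQL text.
//    ?user=' OR '1'='1 turns the WHERE clause into a tautology and
//    ?user=' UNION SELECT ... pulls data from other tables.
$vulnerable = "SELECT id, username, bio FROM users WHERE username = '" . $username . "'";

// 2. Escaped: real_escape_string() backslash-escapes quotes and NUL for the
//    connection charset. It only protects a *quoted string literal*; it does
//    nothing for unquoted numeric context ("WHERE id = " . $id), for
//    table/column names, or for LIMIT/ORDER BY clauses built from input.
$escaped = "SELECT id, username, bio FROM users WHERE username = '"
         . $db->real_escape_string($username) . "'";

// 3. Prepared statement: the query text is sent to the server first and the
//    value travels separately as a bound parameter, so no input can change
//    the structure of the statement. This is the form to use.
$stmt = $db->prepare('SELECT id, username, bio FROM users WHERE username = ?');
$stmt->bind_param('s', $username); // 's' = string; use 'i' for integers
$stmt->execute();
$result = $stmt->get_result();     // needs the mysqlnd driver, the default since PHP 5.4

// XSS is a separate problem that the database cannot solve: a bio containing
// <script> is stored exactly as sent and must be encoded when rendered as HTML.
while ($row = $result->fetch_assoc()) {
    echo '<p>',
         htmlspecialchars($row['bio'], ENT_QUOTES | ENT_HTML5, 'UTF-8'),
         '</p>';
}
$stmt->close();
```

    The same split applies with PDO: use `$pdo->prepare()` with `?` or `:name` placeholders and set `PDO::ATTR_EMULATE_PREPARES` to false so the server, not the client, does the parameter binding. Whether the value arrives via $_GET or $_POST makes no difference to any of the three variants; both are attacker-controlled.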
     
  12. bushbabie21

    bushbabie21 Executive VIP Jr. VIP Premium Member

    Joined:
    May 27, 2010
    Messages:
    459
    Likes Received:
    165
    Code:
    http://www.virustotal.com/file-scan/report.html?id=6193aa0309ea4f3171636d2336e752ccffa0f5e1f22c21abf96edf4d66589326-1326320601
    File name:
    security-*****.7z
    Submission date:
    2012-01-11 22:23:21 (UTC)
    Current status:
    finished
    Result:
    0/ 43 (0.0%)


    Download link:
    http://www.multiupload.com/XOEB9R7W46
     
    Last edited: Jan 11, 2012
  13. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,147
    From OWASP:
     
  14. xpwizard

    xpwizard Junior Member

    Joined:
    Nov 6, 2010
    Messages:
    198
    Likes Received:
    122
    Unless you've made the code, then it's quite hard. You're always at the mercy of the developer.
    e.g. With Wordpress, you have to rely on the plugin developers being security conscious.

    The best you can hope for is to secure your MySQL install (disable root, disable remote, etc.).
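    What "secure your MySQL install" looks like in practice, as an added example (not a script from this thread or from WordPress): a one-off command-line script that gives the web application its own least-privilege account, removes the anonymous and remote-root accounts a default install leaves behind, and writes the new password to a config file outside the document root with owner-only permissions, which is the question post 3 was asking. The database name `appdb`, the account name `appuser`, the `MYSQL_ROOT_PASSWORD` environment variable and the `../config/db.php` path are assumptions for illustration.

```php
<?php
// Added example, not from the thread. Run once from the shell as an admin,
// e.g.  MYSQL_ROOT_PASSWORD=... php provision-db-user.php
// Never place this file under the web root.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$admin = new mysqli('localhost', 'root', getenv('MYSQL_ROOT_PASSWORD') ?: '', 'mysql');

// A generated, application-specific password: 48 hex characters, so it never
// contains quotes, but it is still escaped below out of habit.
$appPassword = bin2hex(random_bytes(24));

// 'appuser'@'localhost' can only log in over the local socket or loopback;
// a stolen password is useless from a remote host. (Pair this with
// bind-address = 127.0.0.1 in my.cnf so the server does not listen publicly.)
$admin->query("CREATE USER IF NOT EXISTS 'appuser'@'localhost' IDENTIFIED BY '"
              . $admin->real_escape_string($appPassword) . "'");

// Only the DML the site needs, on its own schema. Deliberately absent:
// FILE (read/write server files), SUPER, PROCESS, GRANT OPTION, DROP.
$admin->query("GRANT SELECT, INSERT, UPDATE, DELETE ON `appdb`.* TO 'appuser'@'localhost'");

// Anonymous accounts: anyone who can reach the socket can log in as them.
foreach ($admin->query("SELECT Host FROM mysql.user WHERE User = ''") as $row) {
    $admin->query("DROP USER ''@'" . $admin->real_escape_string($row['Host']) . "'");
}

// root from anywhere but the local machine: this is the "disable remote" step.
$remoteRoot = $admin->query(
    "SELECT Host FROM mysql.user
      WHERE User = 'root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
);
foreach ($remoteRoot as $row) {
    $admin->query("DROP USER 'root'@'" . $admin->real_escape_string($row['Host']) . "'");
}
$admin->query('FLUSH PRIVILEGES');

// Store the credential outside the document root, readable only by the owner
// (the account PHP runs as). Even if the web server misserves .php files as
// text, a path above the document root is not reachable by URL.
$configPath = dirname(__DIR__) . '/config/db.php';
file_put_contents(
    $configPath,
    "<?php\nreturn ['user' => 'appuser', 'pass' => " . var_export($appPassword, true) . "];\n"
);
chmod($configPath, 0600);

// Show what the application account actually ended up with.
foreach ($admin->query("SHOW GRANTS FOR 'appuser'@'localhost'") as $row) {
    echo implode(' ', $row), PHP_EOL;
}
```

    Creating the account as `'appuser'@'localhost'` and dropping `'root'@'%'` is what "disable remote" means at the account level; `bind-address` in the server config is the network-level half. The application then connects with the file written here, never as root, so a SQL injection in the site code is confined to the grants shown by the final SHOW GRANTS.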
     
  15. ILoveCSharp

    ILoveCSharp Regular Member

    Joined:
    Nov 2, 2011
    Messages:
    368
    Likes Received:
    45
    It is not related to the database;
    it is about your software coding.
     
  16. crashus

    crashus Junior Member

    Joined:
    Feb 26, 2012
    Messages:
    196
    Likes Received:
    98
    It is hard to prevent all bad things from happening if you're not familiar with PHP coding at all. Check out the site of your script; if it is WordPress then look for some best practices there, and I am sure they have plenty of documentation.