It drops the students table. The original code in the school’s program probably looks something like q = “INSERT INTO Students VALUES (‘” + FNMName.Text + “‘, ‘” + LName.Text + “‘)”; This is the naive way to add text input into a query, and is very bad, as you will see. After the values … Read more
The short answer is yes, yes there is a way to get around mysql_real_escape_string(). #For Very OBSCURE EDGE CASES!!! The long answer isn’t so easy. It’s based off an attack demonstrated here. The Attack So, let’s start off by showing the attack… mysql_query(‘SET NAMES gbk’); $var = mysql_real_escape_string(“\xbf\x27 OR 1=1 /*”); mysql_query(“SELECT * FROM test … Read more
The correct way to avoid SQL injection attacks, no matter which database you use, is to separate the data from SQL, so that data stays data and will never be interpreted as commands by the SQL parser. It is possible to create an SQL statement with correctly formatted data parts, but if you don’t fully … Read more
Strings are immutable. That means once you’ve created the String, if another process can dump memory, there’s no way (aside from reflection) you can get rid of the data before garbage collection kicks in. With an array, you can explicitly wipe the data after you’re done with it. You can overwrite the array with anything … Read more
It prevents JSON hijacking, a major JSON security issue that is formally fixed in all major browsers since 2011 with ECMAScript 5. Contrived example: say Google has a URL like mail.google.com/json?action=inbox which returns the first 50 messages of your inbox in JSON format. Evil websites on other domains can’t make AJAX requests to get this … Read more
PART I: How To Log In We’ll assume you already know how to build a login+password HTML form which POSTs the values to a script on the server side for authentication. The sections below will deal with patterns for sound practical auth, and how to avoid the most common security pitfalls. To HTTPS or not … Read more
As Royal Bg mentions in the comments, if they have the source code, there’s no way you can secure it against them making a separate copy. As you mention, any attempt at a licence key, or any other type of method, they’d be able to get around.
Here’s a non-exhaustive list of problems/solutions: Your code is difficult to read because it is not properly indented. You should use prepared statemens to guard against SQL-injection. You give hints to hackers by having different error messages. When the username is correct and the password wrong you say: “Login/Password Incorrect :(“, but if the username … Read more
Never try and prevent SQL injection solely by JavaScript. What happens if I turn JavaScript off? Your validation fails instantly. What happens if I modify your JS and remove the keywords you are preventing me from injecting? Always validate it against the server.
No matter how complex you make your code, it can always be read, if necessary with abstract interpretation, i.e. automatically capturing the essence of your code. Code without knowledge of internals, variable names (I assume you’re already using minimization, for example with the YUI compressor), documentation, support, and generalization is worthless for anyone else. If … Read more